This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "GoogleSeasonOfDocs2019"
m |
(Added ZAP Zest project) |
||
| Line 13: | Line 13: | ||
[[OWASP Zed Attack Proxy Project]] (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP. | [[OWASP Zed Attack Proxy Project]] (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP. | ||
| − | === | + | === The API === |
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation. | ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation. | ||
Unfortunately is also not particularly well documented and we get many queries about it on the support groups. | Unfortunately is also not particularly well documented and we get many queries about it on the support groups. | ||
| Line 27: | Line 27: | ||
The documentation should be suitable for publishing as web pages and for printing on paper. | The documentation should be suitable for publishing as web pages and for printing on paper. | ||
| + | |||
| + | === Zest === | ||
| + | Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools. | ||
| + | While it is tool independent it is heavily used by ZAP. | ||
| + | |||
| + | Existing documentation includes: | ||
| + | * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Zest | ||
| + | * https://github.com/mozilla/zest/wiki | ||
| + | |||
| + | This project would: | ||
| + | # Explain the concepts behind the Zest | ||
| + | # Explain how to write Zest scripts | ||
| + | # Document the ZAP Desktop UI provided relating to Zest | ||
| + | |||
| + | The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help. | ||
Revision as of 09:37, 13 March 2019
Overview
OWASP is going to apply to participate in the inaugural Google Season of Docs We will be requesting project ideas to help us complete our organization application which is due April 23rd.
OWASP Project Documentation Requests
Tips to get you started in no particular order:
* Read Google Season of Docs Project Ideas * Read Program Rules
OWASP ZAP
OWASP Zed Attack Proxy Project (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.
The API
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation. Unfortunately is also not particularly well documented and we get many queries about it on the support groups.
Existing documentation includes:
- https://github.com/zaproxy/zaproxy/wiki/ApiDetails
- https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index
This project would:
- Explain the concepts behind the UI
- Explain how it can be used at a high level
- Detail all of the API calls
The documentation should be suitable for publishing as web pages and for printing on paper.
Zest
Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools. While it is tool independent it is heavily used by ZAP.
Existing documentation includes:
This project would:
- Explain the concepts behind the Zest
- Explain how to write Zest scripts
- Document the ZAP Desktop UI provided relating to Zest
The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.
