-
Notifications
You must be signed in to change notification settings - Fork 2
GSoC2015
This page is for ZAP related Google Summer of Code Project proposals. Unfortunately neither OWASP not Mozilla were accepted as GSoC mentoring organizations this year.
Currently ZAP provides only a limited set of report data. While this can be extended dynamically this feature is not currently used, and there is no way for users to choose what data they get back. It also provides a set of API calls, some of which return data that could be incorporated into reports, and some of which allow the fixed report to be accessed.
- Report data will be a distinct type of data returned via API calls
- An add-on that provides report data - so this becomes 'plug-able'
- Report data and meta data should be fully internationalized
- Users can specify which sites / contexts report data should apply to
The ZAP Active and Passive rules implement the functionality which allows ZAP to detect vulnerabilities. This project is aimed at significantly extending the existing set of rules and optionally rewriting existing rules in one or more of the supported scripting languages for extra flexibility.
- New active and passive rules written in java and/or a supported scripting language
- Existing rules written in a supported scripting language
- ZAP to score significantly better against tools that evaluate scanners such as wavsep and Google Firing Range
ZAP provides a very powerful scripting interface. Unfortunately to use it effectively is only really possible with a good knowledge of the ZAP internals. Adding code completion (eg using a project like https://github.com/bobbylight/AutoComplete) would significantly help users.
- Code completion for all of the parameters for all available functions in the standard scripts
- Implementations for JavaScript, JRuby and Jython
- Helper classes with code completion for commonly required functionality
For previous proposals see: