mittn
mittn copied to clipboard
F-Secure
Add support for OWASP ZAP
Just a suggestion ;) But it might help your uptake as ZAP is completely free. Note we have a fully functional API which should meet all of your needs, and if it doesnt then we'll be very happy to enhance it :) I'll be happy to provide any help and guidance you need. If you dont have the time to implement this yourself then perhaps we could offer it as a student project, if you're willing to advise on the mittn side?
Using Zap would be a great idea, but I think the more pressing issue is Bug #15. Myself, I do not have immediate need to support Zap, so if anyone else wants to build it, I'll happily merge pull requests. If someone starts working on this, please assign yourself to this bug so we know this is happening.
My only wish is that it would be as compatible as possible with the interface that is used with Burp on the Behave step library level, so that if Bug #15 refactoring gets done, Zap integration wouldn't need to be completely redone. Also I'd suggest that Zap integration would be done as an independent test tool (on the same level that Burp and sslyze integration currently are).
I am of course very willing to coordinate the future work and what sort of architecture we'd like to see in the long run.
Fair enough :) I'll document it as a potential ZAP project and if anyone is interested I'll make sure they post to this issue as well.
For info the ZAP Issue is: https://code.google.com/p/zaproxy/issues/detail?id=1403