OWASP Zed Attack Proxy Reboot2012
This is a proposal under the Project Reboot 2012 scheme.
1) Project name
The reboot initiative is led by Project Leader Simon Bennetts and the existing project contributors.
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
While it is considered to be an OWASP flagship project it is not as well known as many other projects which limits its adoption. The reboot funding is to support the promotion of the project by contributing to marketing costs.
2) Project type
A Type 2 project to pay for expenses associated with marketing the project.
The goal of this initiative is to increase awareness of ZAP within the security and development communities.
This will be achieved by working with the marketing company selected to work with OWASP.
Options include (but are not limited to):
- Web based adverts
- Trade magazine based adverts
- Professionally produced videos
- Interviews with well known on and off-line publications
The options are left deliberately open so that we can fully utilize the experience of the chosen marketing company.
It is hoped that the way we promote ZAP could become a template for promoting other OWASP projects in the future.
Invoices for the required services will be sent directly to the foundation for payment. The timing will depend on how long it takes for the relevant company to be selected and how quickly the engagement can begin, but the ZAP development team are keen to make this happen as quickly as possible.
5) Milestone reviewers
In addition to the GPC, an independent reviewer will be requested from the membership of the other global committees.
The reboot team will maintain a schedule of invoices, and record the impact of the initiatives based on ZAP downloads and automated 'check for update' requests.
The budget is 5,000 USD.
The funds will not be used for travel, subsistence or accommodation, or for summits, or to pay any participant in the project/reboot or who are involved with OWASP as individuals or as companies.