Simon Bennetts, founder and project lead of OWASP ZAP, joins the home team to talk about how he came to create the world’s most-used web app scanner, why open-source projects need long-term contributors, and how recent AI advancements could introduce new security vulnerabilities.
Episode notes:
Simon is the founder and longtime project lead of OWASP ZAP, an integrated penetration testing tool that helps uncover vulnerabilities in web apps, including compromised authentication, sensitive data exposure, and SQL injection. ZAP is OWASP’s most active project and the world’s most popular web app scanner.
Check out other OWASP projects here or explore ZAP’s docs.
Check out our blog post on how you can mitigate the ten most-found OWASP vulnerabilities in Stack Overflow C++ snippets.
Jit, where Simon is a distinguished engineer, is a DevSecOps platform that allows high-velocity engineering teams to embed security requirements throughout the DevOps workflow. You can explore Jit’s docs here.
Today we’re shouting out the question CSP Alerts by OWASP even though CSP header is added, definitively answered by one Simon Bennetts.