Stung by OWASP? Chatting with the creator of the most popular web app scanner (Ep. 570)
Simon Bennetts, founder and project lead of OWASP ZAP, joins the home team to talk about how he came to create the world’s most-used web app scanner, why open-source projects need long-term contributors, and how recent AI advancements could introduce new security vulnerabilities.
Simon is the founder and longtime project lead of OWASP ZAP, an integrated penetration testing tool that helps uncover vulnerabilities in web apps, including compromised authentication, sensitive data exposure, and SQL injection. ZAP is OWASP’s most active project and the world’s most popular web app scanner.
Check out other OWASP projects here or explore ZAP’s docs.
Check out our blog post on how you can mitigate the ten most-found OWASP vulnerabilities in Stack Overflow C++ snippets.
Jit, where Simon is a distinguished engineer, is a DevSecOps platform that allows high-velocity engineering teams to embed security requirements throughout the DevOps workflow. You can explore Jit’s docs here.
Today we’re shouting out the question CSP Alerts by OWASP even though CSP header is added, definitively answered by one Simon Bennetts.
Simon is on LinkedIn and Twitter.the stack overflow podcast
I’d never heard of OWASP so I visited their website. I still don’t know what the heck it is. I started watching the “OWASP in 10” video that seems to be some sort of introduction, but turned it off after listening to them blather for the first minute or so. Ever heard of an elevator pitch?
“I’d never heard of OWASP”
Then you’ve probably been stung (if you’re a web developer). OWASP is not here to serve you; they’re here to help. They might keep you from getting sued (if you’re a web developer) and your users from getting hurt, so it might be worth looking into unless you’re really that entitled.