Summary: <i>"You can't automate all tests. There are a lot of things you can't find automatically. You have to have somebody who knows what they are looking for." -- Simon Bennetts</i> In today's segment, I talk with Simon Bennetts, project lead for the OWASP <a href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project">Zed Attack Proxy Project</a> or "ZAP" for short. Simon is working on a user friendly tool for integrated penetration testing of web applications. Our discussion took place at AppSec USA 2013. We begin with an overview of the ZAP project and talk about how it came about. <b>About Simon Bennetts</b> Simon Bennetts (a.k.a. Psiinon) has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He works for Mozilla as part of their Security Team. Some of the projects Simon works on: -- OWASP Zed Attack Proxy project lead -- OWASP Vulnerable Web Applications Directory Project joint project lead -- Mozilla Zest project lead -- Mozilla Plug-n-Hack joint project lead -- Bodge It Store project lead -- OWASP Web Application Security Testing Cheat Sheet joint author -- OWASP AppSensor contributor -- wavsep contributor -- OWASP Data Exchange Format project lead (currently inactive)
