Jit and ZAP: Improved Programming Security

Jit, a startup programming security company, dreams of being a top security force. To help make those dreams come true, Jit recently hired Simon Bennetts, founder of the world’s most popular web application security scanner, the Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP).

At Jit, Bennetts will continue to develop the open source ZAP. A Dynamic Application Security Testing (DAST) and penetration testing tool, ZAP takes a hands-on approach to finding security issues.

It runs simulated attacks on an application from the user side to find vulnerabilities. It acts as a “man-in-the-middle proxy”, so it intercepts and inspects messages sent between the browser and the web app. When unexpected results appear, they can be used to narrow down and identify security vulnerabilities. ZAP is already used as one of Jit’s primary scanning tools.

Don’t think that Jit is planning to turn ZAP into a commercial program in its own right. Jit’s plan, as it has been from the start, is to offer developers “Just-In-Time Security.” It does this by providing an orchestration framework, plus an architecture that unites the best open source security tools, such as OWASP Dependency-Check, npm-audit, GoSec, Gitleaks, Trivy and, of course, ZAP, into a simple and consistent developer workflow.

The point is that “security leaders are adding more tools, faster than their teams can implement, tune and configure them, as risk and spending efficiencies fall out of alignment,” said David Melamed, chief technology officer at Jit. The solution? “Implement DevSecOps where product security is delivered as a service in the CI/CD pipeline, with the following product security plan silly person principles.”

As for where ZAP fits in, Bennetts said in an interview Thursday, “The challenge with modern web applications is that there is a lot that you need to understand to protect them. Code security tools have been very isolated, and we need to combine these tools to give us the full picture of what needs to be done to secure it.”

He continued, “Sure, developers can set up all these things themselves with open source. But the thing is that there are many tools, and you have to learn about and configure them.

“Or, with Jit, we offer an aggregated, easy-to-use solution that makes it easy for businesses to get on board and get going: these are the things we need; get it, set it up, and run it to get results with everything in one place.”

In short, Melamed added, “Jit’s vision is to provide developers with contextually relevant and timely access to the knowledge and tools they need to secure the applications they build across the entire application package, all while accelerating the development process.”

Bennetts could have gone elsewhere. He said, “I’ve considered working with many companies with proprietary products, but my heart is with open source. Fortunately, at Jit I have found an amazing team that is deeply committed to open source and empowering developers to build secure applications.”

As for ZAP itself, Bennetts said he and the rest of the development team are working hard on the next release. It will include a faster and improved networking stack that can work with modern protocols such as HTTP/2. Its spiders, which are used to explore applications, will also work better with more web programs and include the ability to work with application programming interfaces (APIs). This upcoming version will be released later this year.
