Jit and ZAP: Improving programming security


Jit, an emerging software security company, aims to become a top security force. To help make that a reality, Jit recently hired Simon Bennetts, founder of the world's most popular web application security scanner, the Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP).

Simon Bennetts, founder of ZAP


At Jit, Bennetts will continue to develop the open source ZAP. A dynamic application security testing (DAST) tool, ZAP takes a hands-on approach to finding security issues.

It runs simulated attacks against an application from the client side to find vulnerabilities. It acts as a man-in-the-middle proxy, so it intercepts and inspects the messages sent between the browser and the web application. When unexpected results appear, they can be used to narrow down and identify security vulnerabilities. ZAP is already one of Jit's primary scanning tools.

Don't think that Jit is planning to turn ZAP into a commercial product in its own right. Jit's plan, as it has been from the start, is to offer developers "Just-In-Time Security." It does this by providing a concurrency framework and plug-in architecture that unites the best open source security tools, such as OWASP Dependency-Check, npm audit, GoSec, Gitleaks, Trivy and, of course, ZAP, into a simple and consistent developer workflow.

The point is that "security leaders are adding more tools faster than their teams can implement, tune and configure them, so risk and spending efficiency fall out of alignment," said David Melamed, chief technology officer at Jit. The solution? "Implementing DevSecOps, where product security as a service is delivered in the CI/CD pipeline, with a product security plan that follows Git principles."

Asked where ZAP fits in, Bennetts said in an interview Thursday, "The challenge with modern web applications is that there is a lot you need to understand to protect them. Code security tools have been very isolated, and we need to combine these tools to give us the full picture of what needs to be done to secure them."

He continued, “Sure, developers can set up all these things themselves with open source. But the thing is that there are many tools, and you have to learn about and configure them.

"Or, with Jit, we offer an aggregated, easy-to-use solution that makes it easy for businesses to get on board and get going: these are the things we need; get it, set it up, and run it to get results with everything in one place."

In short, Melamed added, "Jit's vision is to provide developers with contextually relevant and timely access to the knowledge and tools they need to secure the applications they build across the entire application package, all while accelerating the development process."

Bennetts could have gone elsewhere. He said, "I've considered working with many companies with proprietary products, but my heart is with open source. Fortunately, at Jit I have found an amazing team that is deeply committed to open source and to empowering developers to build secure applications."

As for ZAP itself, Bennetts said he and the rest of the development team are working hard on the next release. It will include a faster, improved networking stack that can work with modern protocols such as HTTP/2. Its spiders, which are used to explore applications, will also work better with more web applications and gain the ability to crawl application programming interfaces (APIs). This upcoming version will be released later this year.


Copyright © 2022 strongbat.com. Theme by The Nitesh Arya.