Posted Thursday July 21, 2022
I’ve always had side projects but at that time I had never contributed to open source. I decided it was a good time to start contributing, so I looked around for an open source security tool with an active community.
Unfortunately I couldn’t find one.
OWASP had WebScarab, but I didn’t really get on with that, and in any case development on that seemed to have stopped.
The tool I most liked was called Paros Proxy - it was simple, effective and did what I needed. It was also written in Java so it wasn’t long before I pulled it into Eclipse and started making some tweaks.
Posted Thursday July 21, 2022
In 2009 I was a Java developer / team leader and led a small team which developed an online service for a major accounting software company.
As this service was considered to be security critical I insisted that an external pentest team was hired to ensure the software was suitably secure. To be honest I wasn’t too worried as we had seriously considered security throughout the process so I was fairly confident that the report would just show what a good job we had done.
Posted Thursday July 21, 2022
While I was still finalising the first ZAP release someone else beat me to it 😟.
After years of being neglected, Paros was also forked by Axel Neumann who called his version AndiParos.
I’ll have to admit that I was very disheartened and seriously considered abandoning my plans for ZAP.
Posted Thursday July 21, 2022
I find naming things hard. It is easier if the tool has a very specific purpose, but ZAP has lots of uses.
When I was a developer I always wrote command line scripts.
If I thought I might need them again then I would call them something sensible, something that would help me find them again.
But I also wrote one-off scripts that I knew I would never use again. I always ended up calling those scripts “zap” or “pow” - think of cartoons: “ZAP! POW!”
I struggled with names for my fork of Paros Proxy and I kept on thinking of those two options.