-
-
Notifications
You must be signed in to change notification settings - Fork 36
Home
Zest is a specialized scripting language developed by the Mozilla security team and is intended to be used in web oriented security tools.
It is completely free, open source and can be included in any tool whether open or closed, free or commercial.
Version 1 of Zest:
- Is aimed at creating scripts for reproducing basic security vulnerabilities
- Includes a Java reference implementation
- Has been included in a proof-of-concept OWASP ZAP add-on
Zest scripts are written in JSON, but the expectation is that scripts will be written using graphical interfaces.
While Zest can have many uses we have focused on one particular use case for the first version: reproducing security vulnerabilities
For some examples of Zest scripts see: Zest Examples
For details of the Zest Java reference implementation see: Java Reference Implementation
For more technical details about Zest see: Zest Core.
The first version of Zest is intentionally very basic. Future versions of Zest are planned which will significantly increase the scope of the language.
The java reference implementation for the first phase is complete .. but right now the documentation is rather sparse - thats work in progress ;)
There is, however, an OWASP ZAP add-on which provides a UI for creating and running Zest scripts: https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsZestZest
Anyone can contribute to the onward development of Zest, and teams or individuals who develop security tools are especially welcome to join and help shape Zest's future.
And all constructive feedback is very welcome.