OWASP ZAP -> ZAP #2103

Open. Wants to merge 1 commit into base: main
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -606,7 +606,7 @@ Here are some other tools we sometimes use for checking quality or security,
though they are not currently integrated
into the default "rake" checking task:

* OWASP ZAP web application security scanner.
* ZAP web application security scanner.
You are encouraged to use this and other web application scanners to find and
fix problems.
* Google Chrome auditor. View a web page, then select menu / more tools /
2 changes: 1 addition & 1 deletion app/views/static_pages/home.html.erb
Expand Up @@ -96,7 +96,7 @@
alt: 'GnuPG', title: 'GnuPG' %></a>
<a href="<%= projects_dir %>/24" class="earner-logo">
<%= image_tag 'project-logos/ZAP.png', width: 48, height: 48,
alt: 'OWASP ZAP', title: 'OWASP ZAP' %></a>
alt: 'ZAP', title: 'ZAP' %></a>
<a href="<%= projects_dir %>/249" class="earner-logo">
<%= image_tag 'project-logos/gnu.png', width: 50, height: 48,
alt: 'GNU Make', title: 'GNU Make' %><span
4 changes: 2 additions & 2 deletions config/locales/translation.ja.yml
Expand Up @@ -1037,7 +1037,7 @@ ja:
動的解析ツールは、ソフトウェアを特定の入力で実行して検査します。たとえば、プロジェクトは、ファジングツール(<a
href="http://lcamtuf.coredump.cx/afl/">アメリカンファジーロップ</a>など)やウェブ
アプリケーション スキャナ(例:<a href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project">
OWASP ZAP </a>または<a href="https://w3af.org/"> w3af </a>)です。場合によっては、<a
ZAP </a>または<a href="https://w3af.org/"> w3af </a>)です。場合によっては、<a
href="https://github.com/google/oss-fuzz#introduction">
OSS-Fuzz </a>プロジェクトがプロジェクトにファズテストを適用する可能性があります。この基準のために、動的分析ツールは、様々な種類の問題を探すために何らかの方法で入力を変更するか<em>または</em>少なくとも80%のブランチ
カバレッジを持つ自動テスト スイートである必要があります。 <a href="https://en.wikipedia.org/wiki/Dynamic_program_analysis">動的解析に関するWikipediaのページ</a>と<a
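Review bot: the visible text is renamed but the href on the unchanged context line just above it still targets the legacy OWASP wiki page `https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project`; docs/criteria.md in this PR moves the English text to `https://www.zaproxy.org`, so update this href in the same hunk, otherwise the Japanese page shows the new name while sending readers to the old project home.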
Expand Down Expand Up @@ -1811,4 +1811,4 @@ ja:
</ol>
self_certification_p01_html: <h3 id="criteria_self_certification">なぜ自己認証なのか?</h3>
self_certification_p02_html: >-
<p> 私たちが自己認証を採用した理由は、多くのプロジェクト(小さなプロジェクトであっても)が参加できるようにするためです。何百万ものFLOSSプロジェクトがあり、サードパーティにお金を払って個々に評価することはできません。プロジェクトが虚偽の主張をするリスクはありますが、そのリスクは小さく、ユーザーが自分で主張を確認でき、虚偽の主張を無効にすることができます。また、自動化を使用して虚偽の主張を無効にできるため、結果に自信を持つことができます。</p>
<p> 私たちが自己認証を採用した理由は、多くのプロジェクト(小さなプロジェクトであっても)が参加できるようにするためです。何百万ものFLOSSプロジェクトがあり、サードパーティにお金を払って個々に評価することはできません。プロジェクトが虚偽の主張をするリスクはありますが、そのリスクは小さく、ユーザーが自分で主張を確認でき、虚偽の主張を無効にすることができます。また、自動化を使用して虚偽の主張を無効にできるため、結果に自信を持つことができます。</p>
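Review bot: the removed and added lines of this hunk are identical as rendered, so this is a whitespace-only change (most likely trailing whitespace or the end-of-file newline) unrelated to the rename; either drop it from this commit or mention it in the commit message so reviewers of the translation file know that none of the text changed.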
4 changes: 2 additions & 2 deletions config/locales/translation.zh-CN.yml
Expand Up @@ -883,7 +883,7 @@ zh-CN:
details: >-
动态分析工具通过执行特定输入来检查软件。例如,项目可以使用模糊工具(例如,<a href="http://lcamtuf.coredump.cx/afl/">
American Fuzzy Lop </a>)或Web应用扫描程序(例如,<a href ="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project">
OWASP ZAP </a>或<a href="http://w3af.org/"> w3af </a>)。在某些情况下,<a
ZAP </a>或<a href="http://w3af.org/"> w3af </a>)。在某些情况下,<a
href="https://github.com/google/oss-fuzz#introduction">
OSS-Fuzz </a>项目可以对您的项目应用模糊测试。为满足此条款,动态分析工具需要以某种方式改变输入,以寻找各种问题,或者将其作为一个具有至少80%分支覆盖率的自动测试套件。
<a href="https://en.wikipedia.org/wiki/Dynamic_program_analysis">动态分析维基百科页面</a>和<a
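Review bot: same stale link as in translation.ja.yml: the href on the context line above still targets `https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project`, and that line also has a stray space in `href ="https://...` (pre-existing); while this sentence is being touched, point it at `https://www.zaproxy.org` as docs/criteria.md does and fix the attribute spacing.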
Expand Down Expand Up @@ -1485,4 +1485,4 @@ zh-CN:
criteria_why_p04_html:
criteria_why_p05_html:
self_certification_p01_html: <h3 id="criteria_self_certification">为什么要自我认证?</h3>
self_certification_p02_html:
self_certification_p02_html:
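Review bot: as in translation.ja.yml, the removed and added `self_certification_p02_html:` lines are identical as rendered; this is a whitespace or end-of-file newline change, not part of the rename, and should be dropped from the commit or called out in its message.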
2 changes: 1 addition & 1 deletion criteria/criteria.yml
Expand Up @@ -1396,7 +1396,7 @@
more contributors have an increased likelihood of continuing.
<a href="http://www.alluxio.org/docs/master/en/Contributing-to-Alluxio.html">Alluxio uses SMALLFIX</a>
and
<a href="https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug">OWASP ZAP uses IdealFirstBug</a>.
<a href="https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug">ZAP uses IdealFirstBug</a>.
This is related to criterion installation_development_quick.
- require_2FA:
category: MUST
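Review bot: the file header shows only this one-line change to criteria/criteria.yml, yet docs/criteria.md in this PR also rewrites the `dynamic_analysis` details (from "OWASP ZAP" at the owasp.org wiki to "ZAP" at https://www.zaproxy.org). If docs/criteria.md and docs/other.md are generated from criteria/criteria.yml, confirm that the `dynamic_analysis` entry here already carries the new name and URL and regenerate the docs instead of hand-editing them; otherwise the next regeneration will reintroduce the old text.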
2 changes: 1 addition & 1 deletion docs/criteria.md
Expand Up @@ -456,7 +456,7 @@ There is an implied criterion that we should mention here:

<ul>

<li><a name="dynamic_analysis"></a>It is SUGGESTED that at least one dynamic analysis tool be applied to any proposed major production release of the software before its release. <sup>[<a href="#dynamic_analysis">dynamic_analysis</a>]</sup><dl><dt><i>Details</i>:<dt> <dd>A dynamic analysis tool examines the software by executing it with specific inputs. For example, the project MAY use a fuzzing tool (e.g., <a href="http://lcamtuf.coredump.cx/afl/">American Fuzzy Lop</a>) or a web application scanner (e.g., <a href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project">OWASP ZAP</a> or <a href="https://w3af.org/">w3af</a>). In some cases the <a href="https://github.com/google/oss-fuzz#introduction">OSS-Fuzz</a> project may be willing to apply fuzz testing to your project. For purposes of this criterion the dynamic analysis tool needs to vary the inputs in some way to look for various kinds of problems <em>or</em> be an automated test suite with at least 80% branch coverage. The <a href="https://en.wikipedia.org/wiki/Dynamic_program_analysis">Wikipedia page on dynamic analysis</a> and the <a href="https://www.owasp.org/index.php/Fuzzing">OWASP page on fuzzing</a> identify some dynamic analysis tools. The analysis tool(s) MAY be focused on looking for security vulnerabilities, but this is not required.</dd><dt><i>Rationale</i>:<dt> <dd>Static source code analysis and dynamic analysis tend to find different kinds of defects (including defects that lead to vulnerabilities), so combining them is more likely to be effective. For example, <a href="https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1513352.html">Linus Torvalds' "Linux 4.14-rc5" announcement (October 15, 2017)</a> notes that "(people are doing) random fuzzing... and it's finding things... Very nice to see."
<li><a name="dynamic_analysis"></a>It is SUGGESTED that at least one dynamic analysis tool be applied to any proposed major production release of the software before its release. <sup>[<a href="#dynamic_analysis">dynamic_analysis</a>]</sup><dl><dt><i>Details</i>:<dt> <dd>A dynamic analysis tool examines the software by executing it with specific inputs. For example, the project MAY use a fuzzing tool (e.g., <a href="http://lcamtuf.coredump.cx/afl/">American Fuzzy Lop</a>) or a web application scanner (e.g., <a href="https://www.zaproxy.org">ZAP</a> or <a href="https://w3af.org/">w3af</a>). In some cases the <a href="https://github.com/google/oss-fuzz#introduction">OSS-Fuzz</a> project may be willing to apply fuzz testing to your project. For purposes of this criterion the dynamic analysis tool needs to vary the inputs in some way to look for various kinds of problems <em>or</em> be an automated test suite with at least 80% branch coverage. The <a href="https://en.wikipedia.org/wiki/Dynamic_program_analysis">Wikipedia page on dynamic analysis</a> and the <a href="https://www.owasp.org/index.php/Fuzzing">OWASP page on fuzzing</a> identify some dynamic analysis tools. The analysis tool(s) MAY be focused on looking for security vulnerabilities, but this is not required.</dd><dt><i>Rationale</i>:<dt> <dd>Static source code analysis and dynamic analysis tend to find different kinds of defects (including defects that lead to vulnerabilities), so combining them is more likely to be effective. For example, <a href="https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1513352.html">Linus Torvalds' "Linux 4.14-rc5" announcement (October 15, 2017)</a> notes that "(people are doing) random fuzzing... and it's finding things... Very nice to see."
</dd></dl></li>

<li><a name="dynamic_analysis_unsafe"></a>It is SUGGESTED that if the software produced by the project includes software written using a memory-unsafe language (e.g., C or C++), then at least one dynamic tool (e.g., a fuzzer or web application scanner) be routinely used in combination with a mechanism to detect memory safety problems such as buffer overwrites. If the project does not produce software written in a memory-unsafe language, choose "not applicable" (N/A). (N/A allowed.) <sup>[<a href="#dynamic_analysis_unsafe">dynamic_analysis_unsafe</a>]</sup><dl><dt><i>Details</i>:<dt> <dd>Examples of mechanisms to detect memory safety problems include <a href="https://github.com/google/sanitizers/wiki/AddressSanitizer">Address Sanitizer (ASAN)</a> (available in GCC and LLVM), <a href="https://clang.llvm.org/docs/MemorySanitizer.html">Memory Sanitizer</a>, and <a href="http://valgrind.org/">valgrind</a>. Other potentially-used tools include <a href="https://clang.llvm.org/docs/ThreadSanitizer.html">thread sanitizer</a> and <a href="https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html">undefined behavior sanitizer</a>. Widespread assertions would also work.</dd></dl></li>
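Review bot: both the removed and the added line close `<dt><i>Details</i>:` and `<dt><i>Rationale</i>:` with a second opening `<dt>` rather than `</dt>`, a pre-existing markup bug the new line carries forward; if this file is generated, fix the template that emits it, otherwise fix it on this line while it is being rewritten. The `OWASP page on fuzzing` link on the same line still uses the legacy `https://www.owasp.org/index.php/Fuzzing` wiki URL; leaving it for this rename is fine, but it deserves a follow-up.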
4 changes: 2 additions & 2 deletions docs/implementation.md
Expand Up @@ -231,7 +231,7 @@ Put the image in "app/assets/images/project-logos-originals",
copy it to "app/assets/images/project-logos" and rescale to 48 pixels high,
and modify the home page text "app/views/static_pages/home.html.erb".

Here's an example of how we got the OWASP ZAP logo into the originals
Here's an example of how we got the ZAP logo into the originals
directory:

~~~sh
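Review bot: the `~~~sh` block that follows this sentence is not part of the hunk; check that the commands inside it (the download URL or filename used to fetch the logo) do not still say "OWASP ZAP", otherwise the renamed prose and the example it introduces disagree.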
Expand Down Expand Up @@ -1111,7 +1111,7 @@ ALL_DETECTIVES =

## Analysis

We use the OWASP ZAP web application scanner to find potential
We use the ZAP web application scanner to find potential
vulnerabilities.
This lets us fulfill the "dynamic analysis" criterion.
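Review bot: the Analysis section now names the tool but gives neither a link nor any indication of how it is run; adding https://www.zaproxy.org (as docs/criteria.md does in this PR) and the invocation or scan profile used against the badge application would make the "dynamic analysis" claim reproducible for someone reading this file.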

2 changes: 1 addition & 1 deletion docs/other.md
Expand Up @@ -1495,7 +1495,7 @@ but we discussed possibly upgrading them.
contributors have an increased likelihood of continuing.
<a href="http://www.alluxio.org/docs/master/en/Contributing-to-Alluxio.html">Alluxio uses SMALLFIX</a>
and
<a href="https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug">OWASP ZAP uses IdealFirstBug</a>.
<a href="https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug">ZAP uses IdealFirstBug</a>.
This is related to criterion installation_development_quick.

* <a name="require_2FA"></a>
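Review bot: this paragraph duplicates, word for word, the text changed in criteria/criteria.yml in the same PR, down to the Alluxio sentence and the `installation_development_quick` cross-reference; if docs/other.md is generated from criteria.yml, regenerate it rather than hand-editing so the two copies cannot drift apart.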