QuestionnaireAnalysis

psiinon edited this page Jun 4, 2015 · 1 revision

Questionnaire Analysis

A manually maintained page summarising some of the feedback from the user questionnaire.

Hardest to use features.

Feature Mentions
Fuzzer XXXXXXXX
API XXXX
Scanning with auth XXX
Authentication XXX
Scope XX
Websockets XX
Help XX
HTTP session XX
Zest XX
Brute force XX
CSRF X
Port scan X
Tokengen X
SSL X
Session auth X
Ajax Spider X
Break/intercept X
Proxy capture X
Auto scanning X
Scripts X
Interception X
Choosing port X
Plug-n-hack X
Network config X
Target config X
Font size X

(Just based on English replies so far)

What does ZAP do badly.

Feature Mentions
Reporting XXXX
Scanning XXXX
Fuzzing XXX
SSL handling XX
Scope XX
SSL resign X
Performance X
API X
Documentation X
UI Confusing X
Start time X
Spidering X
Viewstate X
Memory management X
Interception X
Layout X
Authentication X
Manual requests X
More scripts X
User guide X
Ajax spider with auth X

(Just based on English replies so far)

What's missing.

Feature Mentions
Multi-fuzzing XXX
Better scope XX
Better reporting XX
Burp repeater XX
Scanning with auth XX
SSL Passthrough X
HTTP Method rule X
SSL checking X
More tools (?) X
Summary reporting X
Better API docs X
Auto exploiter X
Better 3rd party integration X
Web service scanning X
Append null bytes X
Macros X
Combined URL/Base64 decoding X
Framework detection X
Filter history X
Keyboard shortcuts X
External editing X
Pre/port process X
Encoder/decoder X
Layout selection X
Selenium integration X

(Just based on English replies so far)
