When I was involved in the Owasp project, it was 2004 and I was pretty new in the Application Security world (now you must use Cyber Security instead).
Since the beginning I loved most spending my time defending source code from being compromised. For sure I was able, and still I am, to perform a penetration test, but I loved more to review the code and improve it with security patches.
I never trusted tools that much, but for code reviews you must starting from somewhere and a tool is helping you in finding where you have to spent your next days and nights spotting security issues and finding a way to mitigate them.
So Owasp Orizon was born. The tool started gaining a bit of popularity among the security community but in 2010 I stopped working on it. There were very stressful years, either for personal issues rather than professional ones.
Now, in 2016, after I successfully started a similar tool for Ruby language, Dawnscanner, I found it’s time to bring Orizon back to the community. No fanfares, no great promises, no bullet points describing new features.
The Owasp ZAP project needs its companion tool for static analysis and it’s time to give people what they need…