Zest

Overview

Zest is an experimental specialized scripting language (also known as a domain-specific language) developed by the Mozilla security team and is intended to be used in web oriented security tools.
The language is written in JSON, but we do not expect people to write Zest in this format - it is designed to be a visual language. The core language does not define any graphical representation - that is expected to be defined by the tools that integrate Zest.
It is completely free, open source and can be included in any tool whether open or closed, free or commercial.

Zest is still at a very early stage of development, but is has been made available so that anyone can play around with it.
All constructive feedback is very welcome.
Anyone can contribute to the onward development of Zest, and teams or individuals who develop security tools are especially welcome to join and help shape Zest's future.

Zest topics

Usecases
Reporting security vulnerabilities to developers
Reporting security vulnerabilities to companies
Defining active and passive scanner rules
Deep integration with security tools
Runtimes
The runtime environments that support Zest
Tools
The tools that include support Zest
Implementation
The state of Zest development
Videos
Simon demoed Zest at AppSec USA in November 2013, and the full video of my talk is available on YouTube. The Zest part of the talk starts at 23:47.
More details
https://github.com/mozilla/zest - the code on github
http://groups.google.com/group/mozilla-zest - the group used for discussing Zest

 

Document Tags and Contributors

Tags: 
 Contributors to this page: teoli, psiinon, robocoder, ethertank
 Last updated by: psiinon,