Overview
Zest is an experimental specialized scripting language (also known as a domain-specific language) developed by the Mozilla security team and is intended to be used in web oriented security tools.
The language is written in JSON, but we do not expect people to write Zest in this format - it is designed to be a visual language. The core language does not define any graphical representation - that is expected to be defined by the tools that integrate Zest.
It is completely free, open source and can be included in any tool whether open or closed, free or commercial.
Zest is still at a very early stage of development, but is has been made available so that anyone can play around with it.
All constructive feedback is very welcome.
Anyone can contribute to the onward development of Zest, and teams or individuals who develop security tools are especially welcome to join and help shape Zest's future.
Zest topics
- Usecases
-
Reporting security vulnerabilities to developers
Reporting security vulnerabilities to companies
Defining active and passive scanner rules
Deep integration with security tools - Runtimes
- The runtime environments that support Zest
- Tools
- The tools that include support Zest
- Implementation
- The state of Zest development
- Videos
- Simon demoed Zest at AppSec USA in November 2013, and the full video of my talk is available on YouTube. The Zest part of the talk starts at 23:47.
- More details
-
https://github.com/mozilla/zest - the code on github
http://groups.google.com/group/mozilla-zest - the group used for discussing Zest