Merge pull request #1045 from OWASP/kingthorin-patch-1

Update bugbounty.md- Remove ZAP
OWASP · Jan 20, 2025 · ab06a9e · ab06a9e
2 parents 3bd3157 + 1124d76
commit ab06a9e
Showing 1 changed file with 0 additions and 29 deletions.
diff --git a/pages/initiatives/bugbounty.md b/pages/initiatives/bugbounty.md
@@ -9,35 +9,6 @@ permalink: /initiatives/bugbounty/
 
 OWASP Bug Bounty programs are run different from most traditional Bug Bounties. First of all, the applications to be tested are not available as deployed web applications online. For this part you will need to download the applications and deploy or install them on your computer. The following is a guideline for each bug bounty program we are running:
 
-# OWASP ZAP Bug Bounty
-The OWASP ZAP Bug Bounty program can be found [here](https://bugcrowd.com/owaspzap).
-
-OWASP ZAP is a client application written in JAVA. Therefore is important that you keep in mind the scope of the bounty.
-[Download](https://www.zaproxy.org/download/) the latest version and install it on your computer.
-
-## Bug Bounty Tips
-
-### Check the Code
-OWASP ZAP is an open source application, meaning that you have access to the source code and you can debug it while testing it. This offers you a much better view of what is happening, but also, you have the ability to white-test the application and find out vulnerable Java Methods faster than the Blackbox approach.
-
-You will need to run ZAP within a Java IDE like Eclipse. The easiest way to get ZAP running this way is to follow these instructions [here](https://www.zaproxy.org/docs/developer/) or follow these videos:
-
-- [OWASP ZAP for Developers - Building ZAP - Part 1](https://www.youtube.com/watch?v=1UsH1jSnE3c)
-- [OWASP ZAP for Developers - Building ZAP - Part 2](https://www.youtube.com/watch?v=qhm1g1klyas)
-- [OWASP ZAP for Developers - Building ZAP - Part 3](https://www.youtube.com/watch?v=xevZ7n7ETMI)
-- [OWASP ZAP for Developers - Build ZAP from Eclipse - Part 4](https://www.youtube.com/watch?v=n9mQASWRcps)
-
-You can also use STATS analysis tools that might unmask vulnerable methods.
-
-ZAP source code can be found [here](https://github.com/zaproxy/zaproxy/).
-
-### Scope
-
-Any design or implementation issue that is reproducible and substantially affects the security of ZAP users is likely to be in scope for the program, but in particular:
-
-- Remote code execution
-- Unauthorized API actions
-
 # OWASP CRSFGuard Bug Bounty
 OWASP CRSFGuard Bug Bounty program can be found [here](https://bugcrowd.com/owaspcrsfguard).