Collect and Restore/Implement Quotes

[thc202]

Raised by @kingthorin:

The quotes section of the front page was disabled in: https://github.com/rezen/zaproxy-website/pull/42 as there was only one quote in place (and it might not be the correct location for the content).

Additional quotes should be assembled into: https://github.com/rezen/zaproxy-website/blob/master/site/data/homepage/quotes.yml https://github.com/zaproxy/zaproxy-website/blob/master/site/data/homepage/quotes.yml (The one quote that is already in this file is from the "Key Feature 1" doc previously provided by Diamond Documentation)

Then either re-added to the front page or otherwise leveraged.

The following were from other "Key Feature" docs...

Quotes found today: _{Click the arrow/control to the left to expand}

"Having such a high quality open source and freely-available dynamic application security scanner helps to lower barriers to entry for teams looking to include application security in their DevOps pipelines and should make dynamic scanning in pipelines a must-do rather than a nice-to-do activity.”

Dan Cornell, CTO, Denim Group

“We chose to use OWASP ZAP as the cornerstone of our BDD-Security testing framework for a number of technical and cultural reasons....ZAP has a strong pedigree in the security community with an extremely responsive team and open development process... ZAP’s focus as a tool ...makes it a shoe in for cross functional teams that may not have a security expert on board, but need a tool to integrate security into their build processes.”

Stephen De Vries, Continuum Security Co-Founder and CEO

"The web-based interactive user interface for the API allows DevOps engineers to quickly prototype pipeline-to-API interactions, and the availability of client libraries in a plethora of languages (Java, Python, Node.js, PHP, Ruby) makes ZAP integration approachable for teams with a variety of language skillsets. " 

Dan Cornell, CTO, Denim Group

"ZAP's API-first design and extensibility make it exceptionally powerful when we use it as an integration with continuous security automation tools developed internally. "

Tim Bach, Salesforce, Sr. Product Security Engineer

"...ZAP’s API is lightyears ahead of other competing solutions which was a key factor for us, since automating and controlling ZAP from build scripts and cucumber tests was essential in being able to insert it into CI/CD pipelines. The fact that nearly all of the features are available from the API means that we can make decisions about risk based on individual vulnerabilities rather than trying to parse a report. "

Stephen De Vries, Continuum Security Co-Founder and CEO

"OWASP’s ZAP tool enables developers and security analysts to quickly create and verify hypotheses about the security of a complex web application with a perfect blend of automation and manual utilities."
 
Jeff Williams, CEO, Aspect Security

[kingthorin]

I'd be glad to tackle this if we can decide where we might like them shown.

[kingthorin]

New quote here: https://twitter.com/mttaggart/status/1304092036782407686

[thc202]

I guess this will be superseded with success stories?

[psiinon]

I guess we could also link to things like tweets, but that would be different to the Success Stories...