Obviously the ZAP Core Team is very grateful for this initiative and have been working with StackHawk to make the most of this great opportunity.
As you will see from the main ZAP Fund page, there is a set of ZAP issues which now have bounties on them, including some "rolling" issues which we will keep adding to until the relevant features have all been implemented.
In order to work on any of these issues you will need to set up a ZAP development environment. Fortunately we have lots of docs to help you do this - see the ZAP Developer Guide.
Just comment on an unassigned issue to reserve it. To give everyone a fair chance, only one stackhawk-bounty issue will be assigned to any one person at a time.
Many of the initial set of issues are related to the scan rules and the spiders. This is partly because these are relatively self-contained, and so should be easier to get to grips with.
They are also easier to test, since they are exercised by the test applications which we now run ZAP against every day - the results are on the ZAP Scans page.
To help you get started with these two areas I have recorded the following videos.
The first one covers all of the ways you can contribute to ZAP and how to set up a ZAP development environment, and walks you through how I improved one of the scan rules:
The second one covers how to improve the standard spider:
We will be setting bounties on more issues as the existing ones are solved.
Some of those will be relatively easy, but some will get gradually more complex and be given a higher bounty. This is to encourage you to keep learning more about the ZAP code base and to become increasingly proficient with it.
If you have any questions about a specific issue, ask them on that issue.
Would you like to see more documentation or videos? If so, just get in touch and let us know what you would like to see.