DownloadNet VS ZAP

For anyone who uses Chrome and wants to view their archived pages in the browser as if they were still online (URL and everything intact), and also full-text search through their browsing history that was archived (like AB plans to add in future, I think, right nikki?) you can check out DownloadNet: https://github.com/dosyago/DownloadNet

You can have multiple archives, and even use a mode where you only archive pages you bookmark rather than everything.

This does look cool. It reminds me of a recent discovery I made. The other day, while trying to recover some disk space, I found a giant file on my hard disk. It turned out to be a nine-hour screen recording from almost a year ago. I had no idea it existed, so I must’ve accidentally left the screen recording on. Watching it was fascinating; it was like a window into my thought process at that time. You could see how I was researching something online. It was almost like a play-by-play, akin to re-watching a sports performance – very instructive and surprisingly useful.

In a similar vein to what you’ve done, but focusing specifically on web browsing, I’ve created a tool called ‘DownloadNet.’ It archives for offline use and fully indexes every page you visit. Additionally, it can be configured to archive only the pages you bookmark, offering another mode of operation. It’s an open-source tool, so feel free to check it out: https://github.com/dosyago/DownloadNet

Given that I directly work in this space I found the article's synthesis of a range of ideas about browser innovation to be highly relevant.

More generally, the article is actually extremely interesting and examines a bunch of ideas worthy of consideration if you're interested in the future of web browsing.

Perhaps none of the ideas are new in isolation, but it's encouraging that people are doing this foundational conceptual work and imagining where a synthesis of them would go.

Despite being interesting somehow on the page it was not so easy to read. Here's a summary of key ideas:

Stagnation in Browser Evolution: Berjon notes that despite being central to the web's architecture, browsers haven't changed much in their fundamental design for a long time. They have undergone incremental changes but the core concept remains largely the same as it was decades ago.

Reimagining Browsers: He suggests that to increase user agency—a principle that the web should empower users—we need to consider major overhauls to what a browser is and how it operates.

Integration of Search and Social: Berjon challenges the traditional separation of browsers, search engines, and social platforms. He advocates for an integrated approach where the browser encompasses these functions, aligning more closely with users' experiences and expectations.

Shift From Client to Agent: The author proposes rethinking the browser not just as a client for retrieving documents but as an "agent" that provides a variety of services, potentially including server-like functions, to empower users.

User Agency and Personal Data Servers: By incorporating elements such as Personal Data Servers (PDS), users could manage their own data and services like recommendations, identity, and subscriptions, which currently rely on third-party providers.

Tab Management: Berjon critiques the use of tabs, suggesting that they are an ineffective method for organizing and interacting with web content, and advocates for better UI solutions.

Business Models: He delves into the financial aspects of browsers, highlighting the significant profits derived from setting search engine defaults. Berjon argues for reinvestment of these profits into the web as a public good and for developing business models that truly benefit user agency.

Potential for Change: Despite the challenges, Berjon is optimistic about the possibility of change, noting that there is room for product differentiation and that financial incentives can drive innovation in the browser space.

I found the one about User Agency and Personal Data Servers particularly fascinating. I've been exploring the idea of a federated search engine, where a person curates their own search through their browsing history (and ultimately could share it socially), in DownloadNet: https://github.com/dosyago/DownloadNet

And my company has been developing a platform for building extended and customized browsing experiences and delivering them anywhere. It's my hope that BrowserBox will play a part in the future direction of the browser as user agent. It's open source so if you care about the future of the web, get involved: https://github.com/BrowserBox/BrowserBox :)

If you're interested in utilizing your history information for something in your intentional interests, consider saving an archive of pages you browse to make a search engine you can query back through later.

You can save the full content for indexing with full text search, and you can even export archives as tarballs by zipping up the directory. Many people find this a useful way to "mine" their own browser history to create a curated search engine aligned with your interests. Or simply to save the pages they browse for review offline--either to save bandwidth, or just because they're actually "offline"--at a remote site, or on an airplane.

Everything is saved in a fully interactive way. Personally tho, I find search the most useful feature. Also, we're open source so if you want to get involved, please do so!

https://github.com/dosyago/DiskerNet

If you want full-text-search with archiving check out my project, DiskerNet. https://github.com/dosyago/DiskerNet --> also well done on LinkWarden! Looks like a great product! :)

For archiving, look into https://github.com/dosyago/DiskerNet

It's real next gen thinking on this topic.

As for the featured tool wayback... If HN readers can't figure out what it does after reading docs, its likely the thinking behind it is equally unclear.

I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.

If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.

[1]: https://www.zaproxy.org/

Implement tools like Burp Suite or OWASP ZAP for in-depth security scanning of your APIs.

OWASP ZAP

The use of capital punctuation implies a warning? an alert? Would this same response be warranted for Burp which is also a commercial, closed source product?

If this is an issue for some, then ZAP being open source[1] maybe favourable.

That said, Burp is the defacto tool for a reason - it's best in class. Every pentester I know, including myself, has a paid subscription. The fact that it's closed source hasn't been an issue.

[1] https://github.com/zaproxy/zaproxy

Briefly reviewed your product. Seems like OWASP ZAP is your competition: https://www.zaproxy.org/

It runs entirely in the browser so it uses the browser "native" frameworks.

Dynamic analysis involves testing your application while it's running. Tools like OWASP ZAP and Burp Suite can help identify vulnerabilities like SQL injection or Cross-Site Scripting by sending malicious requests to your application and analyzing the responses.

> Lying is not an embellishment or puffery, it's a lie. Engaging a company for a 3 day pen test that's totally insufficient, that would be an embellishment.

I agree, but if the RFP question was phrased "have you done penetration testing?" then that leaves a lot of room for embellishment. If the question is "do you have SOC2 certification?" and you answer "yes" untruthfully, then that is a lie. If they ask for the SOC2 or pentest report and you give them a falsified document, that's where you're (probably) committing fraud.

> One of the most important part of pen tests is that they are external.

AWS/Google/etc have internal security teams doing their pen tests, so no, this isn't true.

> Just doing your job as an engineer and looking for bugs is not a pen test.

What about an engineer spending an afternoon running ZAP[0]?

> It's like saying, "what is an audit really? We have accountants and they check our books for anomalies."

Yeah, which is why you don't just ask a company "do you keep track of your finances?" if you're investing in them, you request external auditors.

[0] https://www.zaproxy.org/

In addition to manual security reviews, you can also implement DevSecOps practices to automate security checks. For example, you can set up a CI/CD pipeline to run static code analysis tools like CodeQL and automatically run penetration tests using tools like OWASP ZAP.

OWASP ZAP (open source)

I would start by installing Burp Suite or OWASP Zap and seeing what the actual messages look like