Security/Meetings/Automation/2013-10-02


Links discussed:

  • http://ben-stock.de/wp-content/uploads/domxss.pdf (large-scale DOM XSS detection)
  • http://code.google.com/p/wavsep/

ZAP

  • Script support for ruby/python implemented via add-ons
  • All other JSR223 langs supported (but requires manual handwaving)
  • ZAP version 2.2.2 released
  • http check add-on updated but not published yet

Julien talked about security report output formats:

Q4 Plans

mgoodwin

  • pnh
  • htmlfuzzer thing

freddy

  • htmlfuzzer thing
  • scanjs

simon

  • pnh
  • client side scanning
  • privacy scanner
  • Zest phase 2??
  • Zest, CI, API docs, vids
  • SSL checks in ZAP addon - we can (maybe probably) use this in minion
  • Fine grained scan control

ulfr

  • SSL conf and testing. OCSP stapling, SNI, DH param sizes, etc...
  • MIG, lots of it
  • system sec compliance tests

Stefan will be looking at 3 things:

  • PnH (stretch goal) - get the changes cleaned up, pushed to ringleader
  • Observatory (mini-minion)
  • Overlord
  • Front end for privacy scans

htmlfuzzer thing feedback

  • mark said it's gonna be called motherfuzzer. all productivity has been ruined :D
  • start prototyping (oh no we still need a name :(()