Security/Meetings/Automation/2013-11-19

From MozillaWiki
Jump to: navigation, search

Agenda

  • we really need to find a time that works for all...

Status Updates

  • freddyb
    • makes escape-artist work with handling binary data & innerHTML properly (requires php now)
  • psiinon
    • has been preparing for a talk at appsec USA.
    • has got basic DOM XSS fuzzing happening in ZAP. It's kinda crusty (in mgoodwin's opinion) but that's mostly mgoodwin's fault.
  • mgoodwin
    • Did a crappy XSS bug oracle in the PnH probe.
    • Helped diagnose some bugs in psiinon's code.
    • Did a little work on ringleader impls. of what psiinon has got working with the content probe
    • Has mostly been working on secreviews this week
  • ulfr
    • No recent work on MIG. Worked on Risk Assessment for Mozilla. Goal is to have standard risk levels that we can use in other tools as well.
  • stefan
  • dchan
    • N/A I actually made it to the meeting