Changes

Jump to: navigation, search

Security/Automation/WinterOfSecurity2014

459 bytes added, 21:17, 21 April 2014
no edit summary
* language: english or french
Mozilla maintains guidelines for server side configurations of SSL/TLS. The goal of this project is to build a tool that verifies compliance of a configuration with our guidelines, and help the administrators improve their security. It is very similar in philosophy to project like SSL Labs, but with a stronger emphasis on explaining how to reach a better security level, and educating the administrators.
 
=== Security tools ===
==== Improving OpenVPN with better MFA support ====
* Mozilla Advisor: Guillaume Destuynder
* difficulty: medium
* language: english, french
* Required skills: C
 
Mozilla uses OpenVPN with MFA using deferred C plugins and pythons scripts. However, there are several caveats that require non-plugin based modifications, such as OTP client input and session tracking. The modifications will also be sent to the upstream OpenVPN project.
 
=== Risk Management ===
==== A playful way of teaching risk management to individuals ====
Risk management methodologies are numerous, but often regarded by individuals outside of the security community as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla.
==== An online threat modelling modeling tool ====
* Mozilla Advisor: TBD
* difficulty: medium
Confirm
502
edits

Navigation menu