* difficulty: high
* language: english or german
[https://github.com/mozilla/scanjs ScanJS] is a JavaScript source code analyzer written in JavaScript. It helps reviewing and testing open web apps for security vulnerabilities. The goal of this project is to contribute to ScanJS by taking some [https://github.com/mozilla/scanjs/issues known issues] and improve the tool's capabilities. Students are also encourage encouraged to explore areas of Javascript static analysis and contribute their findings to ScanJS. You can test ScanJS is testable at this [http://mozilla.github.io/scanjs/client/ demo page] by uploading a JS JavaScript file (or a ZIP file containing multiple JS files- like Firefox OS apps).
==== OWASP ZAP: Scripted Add-ons ====