SummerOfCode/2013/SecurityReport/WeeklyUpdates/2013-06-03

From MozillaWiki

This Week

Monday, 03 June

Tuesday, 04 June

Wednesday, 05 June

  • Created a rough phase-wise plan of the project after discussing it with my mentor.
 1. Record different types of security errors from various locations in the browser (such as the error console and the web console) and display them in a single location.
 2. Create a UI to display security errors. We can start with an extension and then integrate it into the developer tools. Alternatively, we can start directly with integration into the developer tools.
 3. Do a large-scale study of websites (for example, the Alexa 1M top websites) to check how many sites have security errors or bad practices. Publish our survey results in a good venue.
 4. Allow users to make decisions. Infer a CSP policy for a website and offer users the inferred policy if the website doesn't set a CSP policy.

Thursday, 06 June

The first step in starting the project is to list the things that need to be included in the security report tool.

  • A list of Security Errors and Warnings that can be included in the security report tool.
  i) CSP violation
  ii) mixed content blocking
  iii) SSL errors
  iv) CORS (Cross-Origin Resource Sharing)

Additional information that can be collected:

  i) HttpOnly cookie attribute missing
  ii) X-Frame-Options header missing
  iii) HSTS
  iv) CSP header missing
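
A sketch of how the four "additional information" checks could be applied to a single HTTP response. This is an added example, not code from the original page or from the project. The function name `auditResponse`, the finding labels, the input shape (an array of header name/value pairs) and the use of the standard `Content-Security-Policy` header name are all assumptions.

```javascript
// Added example: audits one response for the four items listed above.
// `auditResponse`, its input shape and the finding labels are hypothetical.
function auditResponse(url, headers) {
  // headers: array of [name, value] pairs, so repeated Set-Cookie lines survive.
  const findings = [];
  const byName = new Map();
  for (const [name, value] of headers) {
    const key = name.toLowerCase(); // header names are case-insensitive
    if (!byName.has(key)) byName.set(key, []);
    byName.get(key).push(value);
  }
  const isHttps = new URL(url).protocol === "https:";

  // i) Cookies set without the HttpOnly attribute (readable from script).
  for (const cookie of byName.get("set-cookie") || []) {
    const [pair, ...attrs] = cookie.split(";").map((s) => s.trim());
    const hasHttpOnly = attrs.some((a) => a.toLowerCase() === "httponly");
    if (!hasHttpOnly) findings.push(`cookie-without-httponly:${pair.split("=")[0]}`);
  }

  // ii) X-Frame-Options header missing.
  if (!byName.has("x-frame-options")) findings.push("x-frame-options-missing");

  // iii) HSTS: only checked over HTTPS, since it is ignored on plain HTTP.
  if (isHttps) {
    const hsts = (byName.get("strict-transport-security") || [])[0];
    const maxAge = hsts && /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
    if (!hsts) findings.push("hsts-missing");
    else if (!maxAge) findings.push("hsts-invalid");
    else if (Number(maxAge[1]) === 0) findings.push("hsts-disabled"); // max-age=0 clears HSTS
  }

  // iv) CSP header missing (standard header name assumed).
  if (!byName.has("content-security-policy")) findings.push("csp-missing");
  return findings;
}

// Constructed sample response headers (not captured from a real site).
const sampleHeaders = [
  ["Set-Cookie", "sid=abc123; Path=/; Secure"],
  ["Set-Cookie", "theme=dark; HttpOnly"],
  ["Strict-Transport-Security", "max-age=0"],
  ["Content-Type", "text/html"],
];
console.log(auditResponse("https://example.test/", sampleHeaders));
```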

Friday, 07 June