Agenda

• [yeukhon] minion documentation
  • https://minion-yeukhon.readthedocs.org/en/latest/
• https://wiki.mozilla.org/Security/Projects/Minion
• UX Mock-up (thanks to my roommate liuliu@mozilla.com)

https://docs.google.com/a/mozilla.com/file/d/0B2Ex96_1KDKGY1gxOHFGOGRMamc/edit?usp=sharing <- please allow comments in the doc (done! try again)

• [psiinon] test vulnerable apps
• plug-n-hack
  • ZAP Add-on
  • Firefox Add-on
  • Kali are interested
  • BURP is going to implemented support
  • aim to announce at AppSecEU
• ZEST
  • runs in ZAP scripting console
  • loops implemented
  • transformations changed to assignments

[ulfr] whattheheck is opsec working on!

• cipherscan https://github.com/jvehent/cipherscan/blob/master/CiphersScan.sh https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=35069456

       [yeukhon]: wonder if we could convert that into a minion plugin :D
       [freddy]: I think we should!

• mig https://github.com/jvehent/mig-modules/

https://code.google.com/p/zap-extensions/source/browse/branches/2.1alpha/alpha/src/org/zaproxy/zap/extension/httpsInfo/SSLServer.java <- the ZAP add-on, which is based on a cmd line tool?

• freddyb: (META) - is this a public meeting, can we share the vidyo url in the #websectools channel (I already shared this etherpad's URL)
  • Yes, but not until the beginning of september. I want to have a consistent meeting format, and then drive 3rd party attendance and participation, but no harm in sharing in channel
• [yeukhon] theXman in #websectools is trying to incorporate his project into minion.We asked him to wait until yvan / st3fan is back.