Security/Meetings/Automation/2013-10-02
From MozillaWiki
< Security | Meetings | Automation
http://ben-stock.de/wp-content/uploads/domxss.pdf Large scan DOM XSS detection http://code.google.com/p/wavsep/
ZAP
- Script support for ruby/python implemented via add-ons
- All other JSR223 langs supported (but requires manual handwaving)
- ZAP version 2.2.2 released
- http check add-on updated but not published yet
Julien talked about security report output formats:
- a first stab at the work week with yvan
- more on etherpad: https://security.etherpad.mozilla.org/SecurityAutomationReports
Q4 Plans
mgoodwin
- pnh
- htmlfuzzer thing
freddy
- htmlfuzzer thing
- scanjs
simon
- pnh
- client side scanning
- privacy scanner
- Zest phase 2??
- Zest, CI, API docs, vids
- SSL checks in ZAP addon - we can (maybe probably) use this in minion
- Fine grained scan control
ulfr
- SSL conf and testing. OCSP stapling, SNI, DH param sizes, etc...
- MIG, lots of it
- system sec compliance tests
Stefan - will be looking at 3 things:
- PnH (stretch goal) - get the changes cleaned up, pushed to ringleader
- Observatory (mini-minion)
- Overlord
- Front end for privacy scans
htmlfuzzerthing feedback
- mark said it's gonna be called motherfuzzer. all productivity has been ruined :D
- start prototyping (oh no we still need a name :(()
