Large scan DOM XSS detection


  • Script support for Ruby/Python implemented via add-ons
  • All other JSR223 langs supported (but require manual handwaving)
  • ZAP version 2.2.2 released
  • http check add-on updated but not published yet

Julien talked about security report output formats:

Q4 Plans


  • pnh
  • htmlfuzzer thing


  • htmlfuzzer thing
  • scanjs


  • pnh
  • client side scanning
  • privacy scanner
  • Zest phase 2??
  • Zest, CI, API docs, vids
  • SSL checks in ZAP addon - we can (maybe probably) use this in minion
  • Fine grained scan control


  • SSL conf and testing. OCSP stapling, SNI, DH param sizes, etc...
  • MIG, lots of it
  • system sec compliance tests

Stefan - will be looking at 3 things:

  • PnH (stretch goal) - get the changes cleaned up, pushed to ringleader
  • Observatory (mini-minion)
  • Overlord
  • Front end for privacy scans

htmlfuzzerthing feedback

  • Mark said it's gonna be called motherfuzzer. All productivity has been ruined :D
  • start prototyping (oh no we still need a name :(()