Agenda

• status updates
• discussions

Zest examples

• https://github.com/mozilla/zest/wiki/exampleBodgeitRegXSS
• https://github.com/mozilla/zest/blob/master/examples/BodgeIt_Register_XSS.zst

Yara example:

• http://plusvic.github.io/yara/

Status Updates

• freddyb
  • bugfixing, yay \\o \o/ o//
• mgoodwin
  • DOM XSS testcase generator
  • More work on lyrefuzz harness (lots of problems with webdriver - in process of rewriting)
• psiinon
  • ZAP plugable reports plus misc stuff
  • Prep for Oracle webcast and StudentHack
  • ZAP 2.3 planned for mid feb http://code.google.com/p/zaproxy/issues/list?q=label:Version-2.3.0
  • ZAP 2 hour course? OWASP Austin
  • GSoC 2014!
• ulfr
  • Cipherscan
    • new version supports STARTTLS and CHACHA20
    • https://github.com/jvehent/cipherscan
    • https://chromium.googlesource.com/chromium/deps/openssl/
    • chrome to move from NSS to openssl in the future https://docs.google.com/a/mozilla.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9XvE6s/edit#heading=h.kppc0tyfzf0n
  • MIG
    • lots of work on action format with kang
    • is this self explanatory? https://dpaste-bkero.paas.allizom.org/E2IY
    • ideas for a conditional syntax: if CHECK1 and CHECK2 or CHECK3 or CHECK 1 and CHECK3
  • JSON logging standard
    • https://mana.mozilla.org/wiki/display/SECURITY/JSON+logging+standard
• dchan
• jeff
• arroway: