Security/Meetings/Automation/2014-07-08
From MozillaWiki
< Security | Meetings | Automation
Previous Meeting: https://wiki.mozilla.org/Security/Meetings/Automation/2014-07-01 This Meeting: https://wiki.mozilla.org/Security/Meetings/Automation/2014-07-08
Agenda
- Status updates
- last week's items? videur
- csp
Status Updates
- ulfr
- psiinon
- ZAP extension example
- ZAP future plans
- mgoodwin
- PnH probe documentation
- Making ringleader work with beta / aurora / nightly (devtools changes broke stuff)
- Fuzzing bits (working on SPDY bits with a view to HTTP 2.0)
- CSP experiments:
- https://github.com/mozmark/CSP_experiments - me messing around. e.g:
- Build .htaccess files with hash-sources from a number of HTML documents https://github.com/mozmark/CSP_experiments/blob/master/python/sourcery_hash.py
- Move on* stuff to addEventListener (idiotic, do not use) https://github.com/mozmark/CSP_experiments/blob/master/python/l0extract.py
- https://github.com/mozmark/django-csp - me hacking on django-csp
- https://github.com/mozmark/django-csp-example/ - an example of how to use my django-csp bits
- https://github.com/mozmark/CSP_experiments - me messing around. e.g:
- st3fan
- Released new Stooge
- CSP Boogs (mgoodwin found them really)
- Work in progress on CSP Dashboard (multi tenancy)
- Started thinking about an automated ZEST runner (will likely start next week)
- freddy
- little automation work, still deep in fxos 2.0 reviews \o/
- findmydevice
- yvan
- adamm
- HPP fuzzing template
- https://code.google.com/p/zap-extensions/source/browse/branches/beta/src/org/zaproxy/zap/extension/ascanrulesBeta/HPP.java <-- its in beta :)
- https://www.youtube.com/watch?v=dxo6-niEtyE&list=PLpr-xdpM8wG_KHsxepT9o6trkqDELhr3_&index=9 <-- Active scan ++
- darkowlzz
- Zest runner implemented (prototype)
- Zest drag and drop front-end implemented.
- Working on zest editor backend
- Working on zest click and key press listeners