Minion Web UI

Overview

The Web UI is responsible for:

• Generating the web UI (not surprisingly)
• Authenticating and managing users and user sessions

Notes

• Log in using Persona (BrowserID) (can be restricted by domain for use on central server by organizations)
• Menu -> New Scan, Running Scans, Completed Scans
  • Future: Group Scans (member of groups, permissions, see other scans by group members/project)
• New Scan
  • Basic: URL, Port
  • Advanced: Login information, technologies used (customize scan such as SQLmap for SQL)
  • Future: Scan type based on plugin (web app, client code, etc)

It should maintain as little data in memory as possible - all data should be retrieved from the Task Engine (and/or db?). This will allow us to run multiple Web UI servers for one service.

Questions

• Should this also provide a REST based API, or will we rely on the one implemented by the Task Engine?
• Will it need access to the db or will it get all data from the Task Engine?
  • Answer: it will need its own db for storing user and session details