Confirmed users
529
edits
Security/Automation/Winter Of Security 2016: Difference between revisions
Jump to navigation
Jump to search
Security/Automation/Winter Of Security 2016 (view source)
Revision as of 08:55, 17 June 2016
, 17 June 2016→Projects
| Line 57: | Line 57: | ||
* Mentors: [https://mozillians.org/en-US/u/mgoodwin/ Mark Goodwin], [https://mozillians.org/en-US/u/psiinon/ Simon Bennetts] | * Mentors: [https://mozillians.org/en-US/u/mgoodwin/ Mark Goodwin], [https://mozillians.org/en-US/u/psiinon/ Simon Bennetts] | ||
=== NSS Demos === | === NSS: Demos === | ||
* Mentors: [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | * Mentors: [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | ||
| Line 63: | Line 63: | ||
In this project a suite of NSS demos should be compiled (ideally web executable using something like [https://runnable.io Runnable]) as reference for developers that want to use the library. | In this project a suite of NSS demos should be compiled (ideally web executable using something like [https://runnable.io Runnable]) as reference for developers that want to use the library. | ||
=== | === NSS: Server integration === | ||
* Mentors:[https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | * Mentors:[https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | ||
| Line 70: | Line 70: | ||
This project should identify those problems, fix them, and provide integration for all major HTTP server. | This project should identify those problems, fix them, and provide integration for all major HTTP server. | ||
=== SHA-3 Implementation | === NSS: SHA-3 Implementation === | ||
* Mentors: [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | * Mentors: [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | ||
| Line 76: | Line 76: | ||
This project should provide basic SHA-3 support for [https://nss-crypto.org/ NSS]. | This project should provide basic SHA-3 support for [https://nss-crypto.org/ NSS]. | ||
=== Formal Verification | === NSS: Formal Verification === | ||
* Mentors: [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | * Mentors: [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer], [https://mozillians.org/en-US/u/jcjones/ JC Jones] | ||
This project should formally verify implementations (or parts of) of e.g. ciphers, the TLS protocol, libmpi, libec in the [https://nss-crypto.org/ NSS] library. | This project should formally verify implementations (or parts of) of e.g. ciphers, the TLS protocol, libmpi, libec in the [https://nss-crypto.org/ NSS] library. | ||
=== NSS TLS Interop === | === NSS: TLS Interop === | ||
* Mentors: [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones], [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer] | * Mentors: [https://mozillians.org/en-US/u/ttaubert/ Tim Taubert], [https://mozillians.org/en-US/u/jcjones/ JC Jones], [https://mozillians.org/en-US/u/franziskus/ Franziskus Kiefer] | ||
| Line 91: | Line 91: | ||
This project would work on improving the scalability and feature set of ssh_scan, a tool for scanning for ssh policy and compliance (mainly attributes found here https://github.com/claudijd/ssh_scan/blob/master/examples/192.168.1.1.json). This tool is currently open-sourced as more of a prototype tool here (https://github.com/claudijd/ssh_scan). Current feature gaps include the ability to detect the types of authentication (password/key-based/auth), nmap-style targeting and scanning, and IPv6 support. Lastly, it might be useful to have some server-side infrastructure components/API developed for this service with a cool front end to assist with scanning/compliance automation. These are the sorts of things this project team would attempt to solve and deliver during the project window. | This project would work on improving the scalability and feature set of ssh_scan, a tool for scanning for ssh policy and compliance (mainly attributes found here https://github.com/claudijd/ssh_scan/blob/master/examples/192.168.1.1.json). This tool is currently open-sourced as more of a prototype tool here (https://github.com/claudijd/ssh_scan). Current feature gaps include the ability to detect the types of authentication (password/key-based/auth), nmap-style targeting and scanning, and IPv6 support. Lastly, it might be useful to have some server-side infrastructure components/API developed for this service with a cool front end to assist with scanning/compliance automation. These are the sorts of things this project team would attempt to solve and deliver during the project window. | ||
=== Security Testing Workflow and Toolchain for Python Websites and Services === | === OpenSAMM: Security Testing Workflow and Toolchain for Python Websites and Services === | ||
* Mentors: [https://mozillians.org/en-US/u/amuntner/ Adam Muntner] | * Mentors: [https://mozillians.org/en-US/u/amuntner/ Adam Muntner] | ||