Confirmed users
529
edits
SecurityEngineering/Newsletter: Difference between revisions
Minor typos and mention of enigma talk
Ptheriault (talk | contribs) |
(Minor typos and mention of enigma talk) |
||
| Line 43: | Line 43: | ||
* <nowiki>Addons.mozilla.org</nowiki> and Firefox Accounts have been brought to compliance with [https://wiki.mozilla.org/Security/FoxSec Operation Security’s security checklist]. These services now have strong CSP, HSTS, HPKP and various other security improvements. | * <nowiki>Addons.mozilla.org</nowiki> and Firefox Accounts have been brought to compliance with [https://wiki.mozilla.org/Security/FoxSec Operation Security’s security checklist]. These services now have strong CSP, HSTS, HPKP and various other security improvements. | ||
* Simon Bennetts released [https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_6_0 version 2.6.0] of the ZAP web security scanner, with a long list of enhancements and bug fixes from the OWASP community. Noteworthy is the addition of an [https://github.com/zaproxy/zap-extensions/pull/765 OpenAPI/Swagger extension] to automate the discovery and scanning of REST APIs. We plan on using it to scan Firefox backend APIs. | * Simon Bennetts released [https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_6_0 version 2.6.0] of the ZAP web security scanner, with a long list of enhancements and bug fixes from the OWASP community. Noteworthy is the addition of an [https://github.com/zaproxy/zap-extensions/pull/765 OpenAPI/Swagger extension] to automate the discovery and scanning of REST APIs. We plan on using it to scan Firefox backend APIs. | ||
* Firefox Screenshots (formerly Pageshot) completed a [https://github.com/mozilla-services/screenshots/issues?utf8=✓&q=is:issue | * Firefox Screenshots (formerly Pageshot) completed a [https://github.com/mozilla-services/screenshots/issues?utf8=✓&q=is:issue%20label:secreview security review] as part of its graduation from the TestPilot program | ||
* TLS Observatory now has the ability to count end-entity certificates associated with a root or intermediate, and a [https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=1820980 lightweight web ui ]to visualize certs and their paths. We also started loading certificates from Google’s Aviator CT log, bringing the [https://tls-observatory.services.mozilla.com/api/v1/__stats__?format=text count of certs ]over 12 million. | * TLS Observatory now has the ability to count end-entity certificates associated with a root or intermediate, and a [https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=1820980 lightweight web ui ]to visualize certs and their paths. We also started loading certificates from Google’s Aviator CT log, bringing the [https://tls-observatory.services.mozilla.com/api/v1/__stats__?format=text count of certs ] over 12 million. | ||
* Will Kahn-Greene released [http://bluesock.org/~willkg/blog/dev/bleach_2_0.html Bleach v2.0], a major new release of this popular Python library used to sanitize HTML in web applications. | * Will Kahn-Greene released [http://bluesock.org/~willkg/blog/dev/bleach_2_0.html Bleach v2.0], a major new release of this popular Python library used to sanitize HTML in web applications. | ||
| Line 63: | Line 63: | ||
* Announced the [https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/ deprecation of SHA-1 on the Public Web] | * Announced the [https://blog.mozilla.org/security/2017/02/23/the-end-of-sha-1-on-the-public-web/ deprecation of SHA-1 on the Public Web] | ||
* Francois Marier lectured on [https://speakerdeck.com/fmarier/getting-browsers-to-improve-the-security-of-your-webapp how to adopt new browser security features at] ConFoo | * Francois Marier lectured on [https://speakerdeck.com/fmarier/getting-browsers-to-improve-the-security-of-your-webapp how to adopt new browser security features at] ConFoo | ||
* Julien Vehent presented on [https://www.youtube.com/watch?v=e2axToBYD68 Test Driven Security in Continuous Integration] at Enigma | |||
* Discussed the [https://blog.mozilla.org/security/2017/01/29/mozilla-security-bytes-episode-1-csp/ history and future of CSP] in the [https://github.com/mozilla/security-bytes-podcast Security Bytes podcast] | * Discussed the [https://blog.mozilla.org/security/2017/01/29/mozilla-security-bytes-episode-1-csp/ history and future of CSP] in the [https://github.com/mozilla/security-bytes-podcast Security Bytes podcast] | ||
* Released version [https://blog.mozilla.org/security/2017/04/04/mozilla-releases-version-2-4-ca-certificate-policy/ 2.4 of Mozilla’s CA Certificate Policy] | * Released version [https://blog.mozilla.org/security/2017/04/04/mozilla-releases-version-2-4-ca-certificate-policy/ 2.4 of Mozilla’s CA Certificate Policy] | ||