Canmove, confirm
285
edits
Changes
→Security Engineering
|-
|Prevent tracking via http basic auth
|Currently a website can track users by setting requests to their resources (advertising) using urls that contain auhtentication attributes. Sites then can use these attributes to track users between sites (and avoid the need to set up cookies or other storage). This project will enhance firefox so that this type of tracking cannot be done and to determine how much this happens in practice. The two goals for this project are: Enhance the collusion add-on to include this typeof tracking and change firefox so that a preference exist so that the only http auth headers that get cached are the ones entered manually by the user.
|cviecco
|cviecco
|
|-
| SPDY and WebsSocket Testing Tools
| HTTP is old and busted, SPDY and WebSockets are the new hotness. Unfortunately there are no really good tools for performing manual and automated security testing for these protocols (aside from protocol fuzzing). We need a brilliant candidate who can work with us to create some new tools that fit in with the asynchronous nature of these protocols while allowing testers to adapt manual / intercepting proxy oriented testing techniques. In particular, an existing tool such as OWASP Zap should be updated to support both interception, and streaming modifications to request contents.
| Yvan Boily
| Yvan Boily
|
|}
