Canmove, confirm
285
edits
Changes
→Security Engineering
| SPDY and WebsSocket Testing Tools
| HTTP is old and busted, SPDY and WebSockets are the new hotness. Unfortunately there are no really good tools for performing manual and automated security testing for these protocols (aside from protocol fuzzing). We need a brilliant candidate who can work with us to create some new tools that fit in with the asynchronous nature of these protocols while allowing testers to adapt manual / intercepting proxy oriented testing techniques. In particular, an existing tool such as OWASP Zap should be updated to support both interception, and streaming modifications to request contents.
Links: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project<br/>
http://mbelshe.github.com/SPDY-Specification<br/>
http://dev.w3.org/html5/websockets/
| Yvan Boily
| Yvan Boily
|
|}
