| Line 384: | Line 384: | ||
| |- | |- | ||
| | Security Report | | Security Report | ||
| | It can be tricky for a developer to cover all their bases when it comes to security.  Moreover, information about the security of a website can be difficult for advanced users to find without searching through multiple data sources in the browser (error console, cookie manager, certificate manager, etc.)  This project is to build a firefox addon that reports all of this data in one place.  Developers can then view the report for their websites or pre-production pages and quickly identify their security issues.  Advanced users can quickly learn about a websites security before deciding whether or not they want to enter sensitive information on the page.   | | It can be tricky for a developer to cover all their bases when it comes to security.  Moreover, information about the security of a website can be difficult for advanced users to find without searching through multiple data sources in the browser (error console, cookie manager, certificate manager, etc.)  This project is to build a firefox addon that reports all of this data in one place.  Developers can then view the report for their websites or pre-production pages and quickly identify their security issues.  Advanced users can quickly learn about a websites security before deciding whether or not they want to enter sensitive information on the page. | ||
| Here are some examples of what the security report could include: | Here are some examples of what the security report could include: | ||
| * information about network requests that have been blocked by the browser for security reasons (e.g. mixed content, CSP, CORS) | * information about network requests that have been blocked by the browser for security reasons (e.g. mixed content, CSP, CORS) | ||
| * information about the cookies on the site (are they marked secure, do they have the httponly attribute?) | * information about the cookies on the site (are they marked secure, do they have the httponly attribute?) | ||
| * security related headers ( | * security related headers (does the site set STS, CSP, or X-Frame-Options headers?) | ||
| * SSL information (is the websites ssl certficate about to expire? | * SSL information (is the websites ssl certficate about to expire?) | ||
| | JavaScript, Add-on SDK, some platform knowledge. | | JavaScript, Add-on SDK, some platform knowledge. | ||
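Review bot: the revised SSL bullet still reads "websites ssl certficate"; since this edit already touches that line to close the parenthesis, correct it to "website's SSL certificate", and fix "a websites security" and "firefox addon" in the description paragraph in the same pass. In the completed headers bullet, "STS" would be easier to match against a real response if it were written as the header name, Strict-Transport-Security (HSTS), alongside CSP and X-Frame-Options.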