Security/Automation/WinterOfSecurity2014

1,933 bytes added, 16:26, 22 April 2014
Web Security
* language: English or German
[https://github.com/mozilla/scanjs ScanJS] is a JavaScript source code analyzer written in JavaScript. It helps with reviewing and testing open web apps for security vulnerabilities. The goal of this project is to contribute to ScanJS by taking some [https://github.com/mozilla/scanjs/issues known issues] and improving the tool's capabilities. Students are also encouraged to explore areas of JavaScript static analysis and contribute their findings to ScanJS. ScanJS is testable at this [http://mozilla.github.io/scanjs/client/ demo page] by uploading a JS file (or a ZIP file containing multiple JS files).
 
==== OWASP ZAP: Scripted Add-ons ====
* Mozilla Advisor: Simon Bennetts
* difficulty: medium
* language: English
[https://www.owasp.org/index.php/ZAP ZAP] supports all JSR 223 scripting languages, but only for a limited number of purposes. This development would allow 'full' add-ons to be written in any JSR 223 language.
 
ZAP is the most active OWASP project and was voted the most popular security tool of 2013 by ToolsWatch.org readers. It is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.
 
==== OWASP ZAP: AMF Support ====
* Mozilla Advisor: Simon Bennetts
* difficulty: medium
* language: English
[https://www.owasp.org/index.php/ZAP ZAP] has only very limited support for AMF and does not provide an effective graphical representation of it. This development will add full support for AMF.
 
ZAP is the most active OWASP project and was voted the most popular security tool of 2013 by ToolsWatch.org readers. It is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.
 
==== OWASP ZAP: As a long running service ====
* Mozilla Advisor: Simon Bennetts
* difficulty: medium
* language: English
[https://www.owasp.org/index.php/ZAP ZAP] started out as a GUI-only desktop tool. It now supports a headless 'daemon' mode, but it is still not suitable for running as a long-running service. Making it suitable will require much heavier use of the database, and ideally will allow different databases to be used.
 
ZAP is the most active OWASP project and was voted the most popular security tool of 2013 by ToolsWatch.org readers. It is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.
=== Forensic ===