Project Title: Security Report
The aim of this project is to build a Firefox add-on that provides security related information (such as SSL certificate errors, CSP violation reports, non-secure cookies, etc) of a website to users in a single place. This will help users better discern malicious attempts and allow benign web developers to easily identify security issues in their production pages.
- PATIL Kailas < patilkr24 AT gmail DOT com >
- GitHub Status: checked in
- While working on this projects I noticed bugs in FF. I reported those bugs on Bugzilla as well developed patches for a few of them.
- Bugs Reported:
https://bugzilla.mozilla.org/show_bug.cgi?id=898712 https://bugzilla.mozilla.org/show_bug.cgi?id=890224 https://bugzilla.mozilla.org/show_bug.cgi?id=886329 https://bugzilla.mozilla.org/show_bug.cgi?id=919568
- Patches I wrote:
https://bugzilla.mozilla.org/show_bug.cgi?id=898712 Status : review+
https://bugzilla.mozilla.org/show_bug.cgi?id=890224 Status: feedback+
- The security report tool add-on is also uploaded on Mozilla Add-on Gallery and currently it is under review.
More Info About Project
Modern browsers tend to communicate with their end users on various security aspects of their ongoing operations. Such communication clarifies certain errors and warning in web sites user visiting and warns users of potential risks such as invalid SSL certificates, unsecured cookies, etc. However, such security information is largely dispersed at present in the browsers. To check security information of a website, users of Firefox need to search multiple data sources in the browser such as error console, cookie manager, certificate manager, etc. This hinders users from checking security related information for a website. The aim of this project is to build a Firefox add-on that provides security information about a website to advanced users in a single place.
In addition, developing a website that covers all security basis is tricky for developers. However, we believe that if web developers will get security information of their production pages at single place in browser then it will help them to fix security issues in their production pages before releasing them to users. The benefits of this project to Firefox users are thus two-fold: First, advanced users can learn about website security using this tool before deciding whether they can submit their credential to website or not. Second, web developers can use it to read security information of their production pages and identify security issues in their website.
Weekly Status Updates:
- June 3, 2013 - June 7, 2013
- June 10, 2013 - June 14, 2013
- June 17, 2013 - June 21, 2013
- June 24, 2013 - June 28, 2013
- July 1, 2013 - July 5, 2013
- July 8, 2013 - July 12, 2013
- July 15, 2013 - July 19, 2013
- July 22, 2013 - July 26, 2013
- July 29, 2013 - August 2, 2013
- August 05, 2013 - August 09, 2013
- August 12, 2013 - August 23, 2013 (Two Weeks)
- August 26, 2013 - August 30, 2013
- September 2, 2013 to September 6, 2013: My PhD oral defense exam date scheduled in this week. So I didn't work on the project.
- September 09, 2013 - September 13, 2013
- September 16, 2013 - September 20, 2013
OUTPUT: Sample Security Reports
- Sample of detailed security report generated by this tool is given below for a few sample websites.
You can view a detailed security report for above web page at : http://swl.ddns.comp.nus.edu.sg/secReport/securityReport--24-9-2013--10-16-42.htm
- Web Page: https://csptest.computerist.org/
You can view a detailed security report for above web page at : http://swl.ddns.comp.nus.edu.sg/secReport/securityReport--24-9-2013--10-40-20.htm
- Web Page: https://swl.ddns.comp.nus.edu.sg/
You can view a detailed security report for above web page at : http://swl.ddns.comp.nus.edu.sg/secReport/securityReport--24-9-2013--10-43-30.htm
- I would like to thank all Mozilla developers for the valuable time they spent to solve difficulties I encounter while working on this project. Specially, Frederik Braun (:freddyb), Mark Goodwin (:mgoodwin), and Tanvi Vyas (:tanvi) for their continuous timely support and guidance.
- I would also like to thank people from #security, #jetpack, #developers and #devtools channel who helped me a lot while working on this project.
A sample security report screenshot
- A sample screenshot of a security report of a web page: https://people.mozilla.org/~mgoodwin/mixed