WebAppSec: Difference between revisions
| Line 34: | Line 34: | ||
* Remote Participation: Yes, streaming via air.mozilla.org | * Remote Participation: Yes, streaming via air.mozilla.org | ||
* Lab Setup - Please setup your VM test instance prior to the session - [http://people.mozilla.org/~mcoates/WebSecurityLab.html instructions] | * Lab Setup - Please setup your VM test instance prior to the session - [http://people.mozilla.org/~mcoates/WebSecurityLab.html instructions] | ||
* 10 minute online video - [http://www.youtube.com/watch?v=_Z9RQSnf8-g&feature=channel_video_title Cross Site Scripting] | |||
===='''August 16, 2011 - Hands-On Hacking Brownbag - SQL Injection'''==== | ===='''August 16, 2011 - Hands-On Hacking Brownbag - SQL Injection'''==== | ||
* Topic: SQL Injection | * Topic: SQL Injection | ||
Revision as of 15:48, 12 July 2011
Mozilla Web Application Security
Welcome to the home page for Mozilla Web Application Security. This page will provide security information related to Mozilla hosted web applications and web services.
Note: This public page has been recently created and will be updated with more information.
Secure Development Guidance
Web Application Security Severity Ratings
Request a Security Review
Are you releasing a Mozilla web application or service? If so, the Mozilla infrasec team can review the code and running application for security flaws.
Presentations
Infrastructure security will be presenting on various security topics on a regular basis. These courses are free and open to anyone that would like to attend. For those that are remote, please join us on air.mozilla.org to remotely watch the presentation.
Schedule
July 14, 2011 - Mobile Hacking
- Topic: Blake Turrentine presents Mobile Hacking courseware for BlackHat 2011
- Time: 6pm-9:30pm Pacific
- Location: Mountain View (10 Forward) (Sorry, no streaming)
- Remote Participation: No, lab element requires in-person attendance
- Limited Space - RSVP Required
July 20, 2011 - Hands-On Hacking Brownbag - Cross Site Scripting
- Topic: Cross Site Scripting
- Time: 12pm-1pm Pacific
- Location: Mountain View (10 Forward)
- Remote Participation: Yes, streaming via air.mozilla.org
- Lab Setup - Please setup your VM test instance prior to the session - instructions
- 10 minute online video - Cross Site Scripting
August 16, 2011 - Hands-On Hacking Brownbag - SQL Injection
- Topic: SQL Injection
- Time: 12pm-1pm Pacific
- Location: Mountain View (10 Forward)
- Remote Participation: Yes, streaming via air.mozilla.org
- Lab Setup - Please setup your VM test instance prior to the session - instructions
August 25, 2011 - OWASP Bay Area Chapter Meeting
- Topic: Application Security Topics - TBD
- Time: 6pm-9:30pm Pacific
- Location: Mountain View (10 Forward)
- Remote Participation: Yes, streaming via air.mozilla.org
- RSVP Required - Link Pending
Future Topics
- Hands-On Hacking Classes Planned For Each Month
- Submit an idea for a topic or brownbag to webappsec@mozilla.org
Archive
- April 23, 2011 - Stanford Open Source Bootcamp - Securing Web Applications
- Mozilla Summit 2010 - Web Application Security (.key) (.ppt)
Security Learning Materials
- OWASP Top 10 Application Security Risks
- 10 Minute Security Training Videos (More to come)
- Application Security Basics
- Injection Attacks
- Cross Site Scripting
- Additional videos under development
Mozilla WebAppSec Mailing List
Interested in discussing web application security concerns and the impact on Mozilla web applications? Then this is the list for you. Please note, this is a public list and is not the appropriate channel to discuss open security vulnerabilities (please file a bug in bugzilla).
webappsec@mozilla.org
https://mail.mozilla.org/listinfo/webappsec
Infrastructure Security Blog - http://blog.mozilla.com/webappsec/