WebAppSec: Difference between revisions

← Older edit

WebAppSec (view source)

Revision as of 19:39, 20 August 2012

2,835 bytes added , 20 August 2012

→‎Mozilla Web Application Security

Mfuller

24

edits

@@ Line 2: / Line 2: @@
 Welcome to the home page for Mozilla Web Application Security. This page will provide security information related to Mozilla hosted web applications and web services.
-Note: This public page has been recently created and will be updated with more information.
 == Secure Development Guidance  ==
@@ Line 17: / Line 15: @@
 [[WebAppSec/Security_Review_Request|Security Review Request]]
+[[WebAppSec/Wordpress_Security_Review_Process|Wordpress Theme or Plugin - Security Install Process]]
+==Filing a Web Security Bug==
+For instructions regarding the use of Bugzilla to file a web security bug, visit: [[WebAppSec/Filing_In_Bugzilla|Filing a Web Security Bug in Bugzilla]]
 == Presentations  ==
 Infrastructure security will be presenting on various security topics on a regular basis. These courses are free and open to anyone that would like to attend.  For those that are remote, please join us on air.mozilla.org to remotely watch the presentation.
-===Schedule===
+===Schedule-2012===
+===Schedule-2011-Archive===
+===='''April 23, 2011 - Stanford Open Source Bootcamp'''====
+* Topic: Securing Web Applications through Hands On Security Hacking
+* Slides: [http://people.mozilla.org/~mcoates/WebAppSec-Training.html Securing Web Applications]
 ===='''[https://wiki.mozilla.org/WebAppSec/Presentations/2011-07-14-MobileHacking July 14, 2011 - Mobile Hacking]'''====
 * Topic: Blake Turrentine presents Mobile Hacking courseware for BlackHat 2011
@@ Line 33: / Line 43: @@
 * Location: Mountain View (10 Forward)
 * Remote Participation: Yes, streaming via air.mozilla.org
-* Lab Setup - Please setup your VM test instance prior to the session - [http://people.mozilla.org/~mcoates/WebSecurityLab.html instructions]
+* '''''Important''''' Lab Setup - Please setup your VM test instance prior to the session - [http://people.mozilla.org/~mcoates/WebSecurityLab.html#installation instructions]
+* 10 minute online video - [http://www.youtube.com/watch?v=_Z9RQSnf8-g&feature=channel_video_title Cross Site Scripting]
+* Archived [http://www.slideshare.net/michael_coates/cross-site-scripting-mozilla-security-learning-center Slides]
 ===='''August 16, 2011 - Hands-On Hacking Brownbag - SQL Injection'''====
 * Topic: SQL Injection
 * Time: 12pm-1pm Pacific
 * Location: Mountain View (10 Forward)
-* Remote Participation: Yes, streaming via air.mozilla.org
+* Remote Participation: Yes, streaming via [http://air.mozilla.org air.mozilla.org]
 * Lab Setup - Please setup your VM test instance prior to the session - [http://people.mozilla.org/~mcoates/WebSecurityLab.html instructions]
+* 10 minute online video - [http://www.youtube.com/watch?v=pypTYPaU7mM&feature=channel_video_title  Injection Attacks]
+* Archived [http://www.slideshare.net/michael_coates/sql-injection-mozilla-security-learning-center Slides]
 ===='''August 25, 2011 - OWASP Bay Area Chapter Meeting '''====
-* Topic: Application Security Topics - TBD
+* Topic: Application Security Topics
+** 6:00 PM - 6:30 PM .............Check-in, registration, networking
+** 6:30 PM – 6:35 PM ........... Welcome Remarks/Agenda - Mandeep Khera
+** 6:35 PM - 7:45 PM ............ Enabling Browser Security in Web Applications- Michael Coates, Mozilla
+** 7:45 PM – 8:30 PM…......... Blackhat spam SEO - Julien Sobrier, Zscaler
 * Time: 6pm-9:30pm Pacific
 * Location: Mountain View (10 Forward)
-* Remote Participation: Yes, streaming via air.mozilla.org
+* Remote Participation: Yes, streaming via [http://air.mozilla.org air.mozilla.org]
-* RSVP Required - Link Pending
+* RSVP Required (for in person) [http://www.regonline.com/owaspsiliconvalleychaptermeeting RSVP Here]
+===='''September 21, 2011 - CEF Logging for Attack Aware Applications'''====
+* Topic: Implementing CEF logging to improve the security of web based applications
+* Time: 12pm-1pm Pacific
+* Location: Mountain View (10 Forward)
+* Remote Participation: Yes, streaming via [http://air.mozilla.org air.mozilla.org]
+* Archived Video , Slides - Will be available after the session
+===='''December 5, 2011 - Cross-Site Request Forgery and other cross domain technologies'''====
+* Topic: Dealing with CSRF, the talk will also cover Cross-Origin Resource Sharing and the postMessage API
+* Time: 12pm-1pm Pacific
+* Location: Mountain View (10 Forward)
+* Remote Participation: Yes, streaming via [http://air.mozilla.org air.mozilla.org]
+* Archived Video , Slides - Will be available after the session
+===='''December 14, 2011 - What You See and What You Get - An Attacker's perspective'''====
+* Topic: The talk covers how an attacker views a software system, how that differs from more common perspectives and what that teaches us about how to make secure products
+* Time: 5-6pm GMT
+* Location: Adsetts Learning Center (room 6619), Sheffield Hallam University, UK
+* Remote Participation: No
+* Archived Video - to be made available soon
 ====Future Topics====
+* Future topics: Content Security Policy, Strict Transport Security, Clickjacking & X-Frame-Options
 * Hands-On Hacking Classes Planned For Each Month
 * Submit an idea for a topic or brownbag to webappsec@mozilla.org
-===Archive ===
-* April 23, 2011 - Stanford Open Source Bootcamp - [http://people.mozilla.org/~mcoates/WebAppSec-Training.html Securing Web Applications]
-* Mozilla Summit 2010 - Web Application Security [https://docs.google.com/leaf?id=0B2Pqt0j8wq08MzUwZmQ5YmQtMTQ3Yi00MjFmLWE3OTAtZjBhMTVkYTA0ZDJj&sort=name&layout=list&num=50 (.key)] [http://docs.google.com/present/edit?id=0AWPqt0j8wq08ZGQ4OWhzNmRfMTM5aHRqamp6czc&hl=en&authkey=COzwmvEH (.ppt)]
 == Security Learning Materials ==
-* [https://www.owasp.org/index.php/Top_10_2010 OWASP Top 10 Application Security Risks]
+=== Online Videos ===
 * [http://www.youtube.com/user/AppsecTutorialSeries 10 Minute Security Training Videos] (More to come)
 ** [http://www.youtube.com/watch?v=CDbWvEwBBxo Application Security Basics]
@@ Line 61: / Line 100: @@
 ** [http://www.youtube.com/watch?v=_Z9RQSnf8-g&feature=channel_video_title Cross Site Scripting]
 ** Additional videos under development
+=== Security Presentations ===
+* [http://www.slideshare.net/michael_coates/cross-site-scripting-mozilla-security-learning-center Cross Site Scripting Basics]
+* [http://www.slideshare.net/michael_coates/sql-injection-mozilla-security-learning-center SQL Injection Basics]
+=== Security Guides ===
+* [https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet XSS Prevention Cheat Sheet]
+* [https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet SQL Prevention Cheat Sheet]
+=== Good Reads===
+* [https://www.owasp.org/index.php/Top_10_2010 OWASP Top 10 Application Security Risks]
 == Mozilla WebAppSec Mailing List ==