SummerOfCode/2013/SecurityReport/WeeklyUpdates/2013-06-03: Difference between revisions
(Created page with "{{subst:WeeklyUpdates}}") |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=== This Week === | === This Week === | ||
| Line 21: | Line 7: | ||
=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} === | === Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} === | ||
* Created a rough phase wise plan of project after discussing with my mentor. | |||
1. Record different types of security errors from various locations in the browser (such as error console, web console) and display them at a single location. | |||
2. Create a UI to display security errors. We can first start with an extension and then integrate it into developers tool. Alternatively, we can directly start with integration into developers tool. | |||
3. Do a large scale study of web site (for example, Alexa 1M top websites) to check how many sites have security errors or bad practices. Publish our survey result in good venue. | |||
4. Allow users to take decisions. Infer CSP policy for a website and offer users inferred policy if the website doesn't set a CSP policy. | |||
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} === | === Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} === | ||
The first step to start project is to list down the things that need to be included in security report tool. | |||
* A list of Security Errors and Warnings that can be included in the security report tool. | |||
i) CSP violation | |||
ii) mixed content blocking | |||
iii) SSL errors | |||
iV) CORS (Cross Origin Resource Request) | |||
Additional information that can be collected: | |||
i) http-only field missing | |||
ii) X-Frame-Options header missing | |||
iii) HSTS | |||
iv) CSP header missing | |||
=== | === Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} === | ||
Latest revision as of 03:54, 7 June 2013
This Week
Monday, 03 June
Tuesday, 04 June
Wednesday, 05 June
- Created a rough phase wise plan of project after discussing with my mentor.
1. Record different types of security errors from various locations in the browser (such as error console, web console) and display them at a single location. 2. Create a UI to display security errors. We can first start with an extension and then integrate it into developers tool. Alternatively, we can directly start with integration into developers tool. 3. Do a large scale study of web site (for example, Alexa 1M top websites) to check how many sites have security errors or bad practices. Publish our survey result in good venue. 4. Allow users to take decisions. Infer CSP policy for a website and offer users inferred policy if the website doesn't set a CSP policy.
Thursday, 06 June
The first step to start project is to list down the things that need to be included in security report tool.
- A list of Security Errors and Warnings that can be included in the security report tool.
i) CSP violation ii) mixed content blocking iii) SSL errors iV) CORS (Cross Origin Resource Request)
Additional information that can be collected:
i) http-only field missing ii) X-Frame-Options header missing iii) HSTS iv) CSP header missing