(Minor updates) |
|||
Line 35: | Line 35: | ||
=== Menagerie - a collection of tests and demos for security headers and TLS configurations === | === Menagerie - a collection of tests and demos for security headers and TLS configurations === | ||
* Mozilla Advisor: [https://mozillians.org/en-US/u/mgoodwin/ Mark Goodwin] | * Mozilla Advisor: [https://mozillians.org/en-US/u/mgoodwin/ Mark Goodwin] and [https://mozillians.org/en-US/u/april/ April King] | ||
* Difficulty: | * Difficulty: Low | ||
* Language: English | * Language: English | ||
There are (or have been) various websites designed to educate and provide examples on good / bad configurations of security headers and TLS configurations (e.g. https://badssl.com/ https://pinningtest.appspot.com/) - it'd be great to have a collection of such examples in one place. Examples of things to include: | There are (or have been) various websites designed to educate and provide examples on good / bad configurations of security headers and TLS configurations (e.g. https://badssl.com/ and https://pinningtest.appspot.com/) - it'd be great to have a collection of such examples in one place. Examples of things to include: | ||
** The stuff that badssl does | ** The stuff that badssl does | ||
** | ** HPKP examples (good and bad - e.g. don't DoS yourself) | ||
** Maybe we can get a preloaded pin - talk to Google perhaps | ** Maybe we can get a preloaded pin - talk to Google perhaps | ||
** CSP examples (good and bad) | ** CSP examples (good and bad) |
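Review bot: the added HPKP bullet's parenthetical "don't DoS yourself" names the risk without saying what the bad example should demonstrate. Suggest spelling it out, for instance "HPKP examples (good and bad, e.g. a pin set with no usable backup key, which locks returning visitors out until max-age expires)", so whoever picks up the project knows which failure case to build. The "Maybe we can get a preloaded pin" bullet that follows only makes sense in the HPKP context, so it would read more clearly nested under the new item.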