Security/Mentorships/MWoS/2014/Compliance checking of TLS configuration: Difference between revisions

No edit summary
Line 1: Line 1:
[[File:WinterOfSecurity_logo_light_horizontal.png|right|500px]]
== Team ==
== Team ==
=== Introduction ===
=== Introduction ===
Line 10: Line 11:
== Project ==
== Project ==
=== Description ===
=== Description ===
Mozilla maintains guidelines for [[Security/Server_Side_TLS|server side configurations of SSL/TLS]] that we use to guide the deployment of secure services everywhere. The goal of this project is to build a tool that verifies compliance of a service with our guidelines, and help the administrators improve their security. The tool must be able to evaluate the quality of ciphers, detect required features such as OCSP stapling, and evaluate certificates. It is very similar in philosophy to project like SSL Labs and [https://github.com/jvehent/cipherscan Cipherscan], but mixed with a certificate observatory. Its purpose will be to help administrators reach a better security level, and measure compliance against Mozilla's policies.
The end goal is to have a service that can be called to run a full compliance check of a target. It should also have an API to retrieve data from, so that other tools can query the compliance checker platform.
=== Scope ===
=== Scope ===
=== Success Criteria ===
=== Success Criteria ===
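Review bot: The added Description text states what the tool must do (evaluate cipher quality, detect required features such as OCSP stapling, evaluate certificates), but the "=== Scope ===" and "=== Success Criteria ===" headings directly below it are still empty, so nothing defines when a target counts as compliant. Suggest turning those three requirements into measurable criteria under Success Criteria. Also in the added paragraph, "similar in philosophy to project like SSL Labs" should read "projects like SSL Labs".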

Revision as of 00:25, 3 August 2014


Team

Introduction

My name is Dimitris Bachtis and I am a Software Engineer and Information Security enthusiast. I live, work and study in Greece. I am now finishing my MSc in InfoSec at the University of Piraeus.

Members

Project

Description

Mozilla maintains guidelines for server side configurations of SSL/TLS that we use to guide the deployment of secure services everywhere. The goal of this project is to build a tool that verifies compliance of a service with our guidelines and helps administrators improve their security. The tool must be able to evaluate the quality of ciphers, detect required features such as OCSP stapling, and evaluate certificates. It is very similar in philosophy to projects like SSL Labs and Cipherscan, but mixed with a certificate observatory. Its purpose will be to help administrators reach a better security level and to measure compliance against Mozilla's policies.

The end goal is to have a service that can be called to run a full compliance check of a target. It should also expose an API for retrieving data, so that other tools can query the compliance checker platform.

Scope

Success Criteria

Updates

<date>

  • current work
  • blocking points
  • discussion points
  • upcoming work