Security/Mentorships/MWoS/2014/Compliance checking of TLS configuration: Difference between revisions
m (→Members) |
|||
| Line 18: | Line 18: | ||
=== Success Criteria === | === Success Criteria === | ||
== Updates == | == Updates == | ||
=== | |||
* | === 03/09/2014 === | ||
<b>KickOff Meeting</b> | |||
* | * introductions | ||
* | |||
ToDo: | |||
* Evaluate existing tools: sslize, cipherscan, ... | |||
* Evaluate different implementation languages ( Python, Go ) | |||
Revision as of 16:20, 6 September 2014
Team
Introduction
My Name is Dimitris Bachtis and I am a Software Engineer and Information Security enthusiast. I live, work and study in Greece. I am now finishing my MSc in InfoSec at the University of Piraeus.
Members
- Dimitris Bachtis
- Professor
- Mozilla Advisor: Julien Vehent
Project
Description
Mozilla maintains guidelines for server side configurations of SSL/TLS that we use to guide the deployment of secure services everywhere. The goal of this project is to build a tool that verifies compliance of a service with our guidelines, and help the administrators improve their security. The tool must be able to evaluate the quality of ciphers, detect required features such as OCSP stapling, and evaluate certificates. It is very similar in philosophy to project like SSL Labs and Cipherscan, but mixed with a certificate observatory. Its purpose will be to help administrators reach a better security level, and measure compliance against Mozilla's policies.
The end goal is to have a service that can be called to run a full compliance check of a target. It should also have an API to retrieve data from, so that other tools can query the compliance checker platform.
Scope
Success Criteria
Updates
03/09/2014
KickOff Meeting
- introductions
ToDo:
- Evaluate existing tools: sslize, cipherscan, ...
- Evaluate different implementation languages ( Python, Go )