Security/Mentorships/MWoS/2014/Compliance checking of TLS configuration: Difference between revisions
Latest revision as of 17:32, 23 November 2014
Team
Introduction
My name is Dimitris Bachtis and I am a Software Engineer and Information Security enthusiast. I live, work and study in Greece. I am now finishing my MSc in InfoSec at the University of Piraeus.
Members
- Dimitris Bachtis
- Professor
- Mozilla Advisor: Julien Vehent
Project
Description
Mozilla maintains guidelines for server-side configurations of SSL/TLS that we use to guide the deployment of secure services everywhere. The goal of this project is to build a tool that verifies a service's compliance with our guidelines and helps administrators improve their security. The tool must be able to evaluate the quality of ciphers, detect required features such as OCSP stapling, and evaluate certificates. It is very similar in philosophy to projects like SSL Labs and Cipherscan, but mixed with a certificate observatory. Its purpose will be to help administrators reach a better security level and to measure compliance against Mozilla's policies.
The end goal is to have a service that can be called to run a full compliance check of a target. It should also have an API to retrieve data from, so that other tools can query the compliance checker platform.
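As an added Go example (not the project's code, nor Cipherscan's) of the certificate-evaluation and X.509-to-JSON steps that the description and the 11/09/2014 update call for: two constructed self-signed certificates for example.test are evaluated against guideline-style checks and turned into a JSON document of the kind one would index. The CertRecord shape, the check thresholds (2048-bit RSA, SHA-1/MD5 counted as weak hashes) and the finding strings are assumptions of this example, not the project's schema or the guidelines' exact wording.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"math/big"
	"time"
)
// CertRecord is a hypothetical JSON document shape for the certificate store, not the project's schema.
type CertRecord struct {
	Subject  string   `json:"subject"`
	SigAlg   string   `json:"signature_algorithm"`
	Findings []string `json:"findings"`
}
// Evaluate parses DER bytes and flags a weak signature hash, an RSA key under 2048 bits, or a validity window that excludes now.
func Evaluate(der []byte, now time.Time) (CertRecord, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil { return CertRecord{}, err }
	rec := CertRecord{Subject: c.Subject.String(), SigAlg: c.SignatureAlgorithm.String()}
	switch c.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1:
		rec.Findings = append(rec.Findings, "weak signature hash")
	}
	if k, ok := c.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		rec.Findings = append(rec.Findings, "RSA key shorter than 2048 bits")
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		rec.Findings = append(rec.Findings, "not valid at check time")
	}
	return rec, nil
}
// RecordJSON is the X.509-to-JSON step: one document per certificate, ready for indexing.
func RecordJSON(der []byte, now time.Time) ([]byte, error) {
	rec, err := Evaluate(der, now)
	if err != nil { return nil, err }
	return json.Marshal(rec)
}
// SampleCerts builds two constructed self-signed certificates for example.test (not a real site): a compliant 2048-bit RSA one and an already-expired 1024-bit one.
func SampleCerts() (good, bad []byte, err error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: time.Now().Add(90 * 24 * time.Hour)}
	gk, _ := rsa.GenerateKey(rand.Reader, 2048)
	if good, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &gk.PublicKey, gk); err != nil { return nil, nil, err }
	wk, _ := rsa.GenerateKey(rand.Reader, 1024)
	tmpl.NotAfter = time.Now().Add(-time.Hour) // expired an hour ago
	bad, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &wk.PublicKey, wk)
	return good, bad, err
}
```

A real checker would take `der` from a TLS handshake's peer certificates instead of SampleCerts; the evaluation and JSON steps stay the same.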
Scope
Success Criteria
Updates
21/11/2014
- Performed a test run on a list of sites.
ToDo:
- Unit testing
- Start working on the second part of the tool (TLS connection inspection)
16/10/2014
- Decided on a rough ElasticSearch JSON "schema"
ToDo:
- Start collecting certificates...
9/10/2014
- Decided to go with ElasticSearch (instead of Postgres), plus Kibana for data visualisation
ToDo:
- Build an ElasticSearch prototype
2/10/2014
- Discussed the DB schema
- Further discussion about the software architecture
ToDo:
- RabbitMQ prototype
- Database schema draft
11/09/2014
- Decided to go with Golang for certificate retrieval
- Postgres as database backend
ToDo:
- Evaluate conversion between X.509 and JSON
03/09/2014
KickOff Meeting
- Introductions
ToDo:
- Evaluate existing tools: sslize, cipherscan, ...
- Evaluate different implementation languages (Python, Go)