Security/Meetings/Automation/2013-10-02: Difference between revisions
Revision as of 15:07, 2 October 2013
http://ben-stock.de/wp-content/uploads/domxss.pdf Large scan DOM XSS detection
http://code.google.com/p/wavsep/
== ZAP ==
- Script support for ruby/python implemented via add-ons
- All other JSR223 langs supported (but requires manual handwaving)
- ZAP version 2.2.2 released
- http check add-on updated but not published yet
Julien talked about security report output formats:
- a first stab at the work week with yvan
- more on etherpad: https://security.etherpad.mozilla.org/SecurityAutomationReports
== Q4 Plans ==
mgoodwin
- pnh
- htmlfuzzer thing
freddy
- htmlfuzzer thing
- scanjs
simon
- pnh
- client side scanning
- privacy scanner
- Zest phase 2??
- Zest, CI, API docs, vids
- SSL checks in ZAP addon - we can (maybe probably) use this in minion
ulfr
- SSL conf and testing. OCSP stapling, SNI, DH param sizes, etc...
- MIG, lots of it
- system sec compliance tests
Stefan - will be looking at 3 things:
- PnH (stretch goal) - get the changes cleaned up, pushed to ringleader
- Observatory (mini-minion)
- Overlord
== htmlfuzzerthing feedback ==
- mark said it's gonna be called motherfuzzer. all productivity has been ruined :D
- start prototyping (oh no we still need a name :(()