Mozilla Develops Security Testing Framework
Written by Alex Denham   
Thursday, 24 January 2013

Mozilla is working on an open source security framework called Minion that you’ll be able to use to give your web applications a security check.

The framework, which will enable developers to run tests while developing websites, will make use of established open testing tools including Zed Attack Proxy (ZAP), Skipfish and NMAP.

Future work will see other testing tools being handled as plugins.

 

minionblock

 

Mozilla started development of the framework for its own team, according to the personal blog of Mozilla security developer Yvan Boily, who says:

“We want our developers to do horrible things to the applications and services they write, and we want it to be as easy as the push of a button”.

In practical terms, Mozilla:

“envisions a tool that will provide basic automation for a range of security tools, with intelligently selected configurations for ease of use, and well thought out configuration options to allow the user to configure a range of tools by modifying a small set of values.” 

Of course, one potential drawback of a tool that finds weaknesses in a web application is that the information returned could be useful for people wanting to hack the website. Because of this, Minion is being designed to be very secure, and when a request is made to analyze a website, the service will ask the website operators whether they’ve requested the analysis.

If you want to know more about using Minion and writing plugins this video of a presentation given by Yvan Boily and Stefan Arentz has details:

 

 

Currently Minion is only available for use internally within Mozilla but as an open source project its source code is on github.


mozilla2

More Information

Minion Overview

Minion on Github

Yvan Boily's blog

Related Articles

Hardcode Competition - Focus On Security

GUI Tool Reveals SQL Injection Vulnerabilities

New tool detects RegEx security weakness

Java Still Insecure Warns Homeland Security

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

blog comments powered by Disqus

 

Banner


Duetto Morphs To Cheerp
03/09/2014

A C/C++ compiler for the Web has been released. It brings the advantage of bi-directional interoperability between C or C++ code and JavaScript code.



Android Apps On Chrome
11/09/2014

It has always been a strange situation that Google should have two mobile operating systems - Chrome and Android. Surely it only ever needed one? Now at least we have some unity in that at last Chrome [ ... ]


More News

Last Updated ( Thursday, 24 January 2013 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.