Monday, August 31, 2015

Learn about Firefox Security - CSP

Topic: Learn about Firefox Security - CSP
Venue: VIIT 
Time: 12 pm to 6:00pm
Date: 29 August 2015
Hashtag: #FirefoxSecVIIT

Flickr Link:  https://www.flickr.com/photos/55210866@N05/20865639238/in/dateposted-public/


This event aimed to cover Content Security Policy (CSP): what CSP is and how to use it while developing a website. The UserCSP add-on on AMO was introduced to the audience.
We also gave the participants an introduction to the security features available in the Firefox web browser. In addition, we introduced them to the security add-ons available on AMO and tested those add-ons. A total of 34 participants attended the event.



-= Was it worth it? =-
According to my knowledge, Yes. The audience was satisfied with the content of the event.

Saturday, August 22, 2015

Research Publications

Research Publications:

A Measurement Study of the Content Security Policy on Real-World Applications [PDF]
Kailas Patil and Braun Frederik
International Journal of Network Security (IJNS),
Vol.18, No.2, PP.383-392, Mar. 2016


Towards Fine-Grained Access Control in JavaScript Contexts  [PDF]
Kailas Patil, Xinshu Dong, Xiaolei Li, Zhenkai Liang, and Xuxian Jiang.
In the 31st IEEE International Conference on Distributed Computing Systems (ICDCS),
ISSN : 1063-6927
E-ISBN : 978-0-7695-4364-2
Print ISBN: 978-1-61284-384-1
DOI: 10.1109/ICDCS.2011.87


Survey on Access Control Mechanism in Android  [PDF]
Shekhar K. Shende, Kailas R. Patil
International Journal of Electrical, Electronics and Computer Systems (IJEECS),
ISSN (Online): 2347-2820, Volume -3, Issue-4 2015


Survey on Privacy Preserving Mobile Health Monitoring System using Cloud Computing [PDF]
Abhijeet S. Kurle, Kailas R. Patil
International Journal of Electrical, Electronics and Computer Systems (IJEECS)
ISSN (Online): 2347-2820, Volume -3, Issue-4 2015


Poster: UserCSP-User Specified Content Security Policies [PDF]
Kailas Patil, T Vyas, F Braun, M Goodwin, Z Liang
In the proceedings of the Symposium On Usable Privacy and Security (SOUPS), 2013

FxOS APP Contribution Workshop- Test, Review and Develop apps on Tarako Devices

Topic: FxOS APP Contribution Workshop- Test, Review and Develop apps on Tarako Devices
Venue: VIIT 
Time: 12 pm to 6:00pm
Date: 22 August 2015
Hashtag: #appreviewviitpune
Flickr Link:  https://www.flickr.com/photos/55210866@N05/tags/appreviewviitpune/


This event focused on teaching the audience how to create an app using Appmaker. In addition, the event aimed to introduce Firefox Marketplace to the audience and taught them how to download and test apps from the Firefox Marketplace.

A total of 55 people participated in the event. During the event, participants submitted reviews for a total of 31 apps available on Firefox Marketplace. After introducing the participants to AppMaker, we conducted a competition for app development. We declared four winners based on the useful apps created by the participants. We gave all four winners Mozilla FirefoxOS T-shirts and Mozilla goggles.

Output of the Event:
1) Total 26 new FSAs recruited.
2) All participants became members of VIIT Firefox Club.
3) Total 31 apps reviewed on Firefox Marketplace.
4) Good apps were created during the event, such as roller coaster, NCERT (Xth), minesweeper, Heath advisor, SE engg programing guide, etc. Participants are requested to submit them on Marketplace after giving them a final touch and testing their functionality.



-= Was it worth it? =-
According to my knowledge, Yes. The audience was satisfied with the content of the event.

-= Should we go again? =-
Yes. I feel it's worth the investment.


Monday, March 9, 2015

Firefox Marketplace Security Related Extensions

Firefox add-ons:


| Sr. No. | Name | Features |
|---|---|---|
| 1 | XSS-Me | XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities. |
| 2 | noXSS | Protects user against XSS attacks. Not for latest Firefox 35. |
| 3 | NoScript Security Suite 2.6.9.15 | Allow active content to run only from sites that user trust, and protect user against XSS and Clickjacking attacks. |
| 4 | RightClickXSS 0.2.1 | This addon adds a right-click menu option to insert sample XSS payloads into textboxes for security testing. Useful for security researchers or developers testing for cross-site scripting in web applications. |
| 5 | FB Phishing Protector 4.4.3 | Protects user from Phishing or Scams (through XSS injection attacks) while user is on Facebook. |
| 6 | ImmuniWeb® Self-Fuzzer 0.9.3 | ImmuniWeb® Self-Fuzzer is a simple and free extension that fuzzes user's HTTP requests in real-time to detect SQLi and XSS vulnerabilities on a website, demonstrating how easily these 2 most common web weaknesses can be found by anyone. |
| 7 | HackBar 1.6.3 | Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. |
| 8 | Secure Login 1.0.6 | Secure Login is an extension for Firefox integrated password manager. Prevents malicious JavaScript code to automatically steal your login data. Provides an option to protect your login data from all JavaScript code during login. Websites requiring JavaScript for the login process can be added to an exception list. Can prevent cross-site scripting (XSS) attacks to steal your passwords without having to deactivate JavaScript. |
| 9 | Karma Blocker 0.4.8 | Especially useful for blocking third-party resources to help combat privacy leaks (cookies) and security problems (XSS). |
| 10 | Netcraft Toolbar 1.10.1 | Blocks phishing sites, helping to protect users from online fraud. • Detailed site reports – the extension displays a wealth of information about the sites you visit, helping you to make informed choices about their integrity. • Risk Ratings – we evaluate the characteristics of the site and compare these against those depicted by fraudulent sites. The result is a simple visual summary displayed on the site report. • Protection against cross site scripting (XSS) – The extension optionally traps XSS and other suspicious URLs which contain characters with no purpose other than to deceive. |
| 11 | X-Forwarded-For Spoofer 1.0.2 | With this add-on, you can assign an arbitrary IP address to the X-Forwarded-For field, attempt to perform XSS by including HTML in this field, or even attempt SQL injection. Not available for Firefox 35.0. |
| 12 | HTTP Content Security Policy Detector 0.78 | It scrutinizes the HTTP Response Headers for the presence of X-Content-Security-Policy. |
| 13 | SiteCheck extension for Firefox 1.0.3 | Scan any website for security issues, blacklisting, and malware with Sucuri SiteCheck. |
| 14 | Clickjacking Reveal 1.1 | This extension tries to warn you if it found clickjacking technique on the page you are viewing. |
| 15 | Clickjacking Defense - Declarative Sec Detector 0.77 | It scrutinizes the HTTP Response Headers for the presence of X-Frame-Options Header. |
| 16 | Policeman 0.18.1 | Policeman gives you precise control over what web requests are allowed. Create rules based on domain name and type of resource being requested. It can also be used to improve privacy or block cross-site scripts. |
| 17 | XSSed Search 20101014 | Search the cross-site scripting database at XSSed.Com. |
| 18 | Remove Cookie(s) for Site 0.63 | A very simple extension to remove all the cookies of currently opened site. It adds an option to the Right Click menu of the page, and a Clear Cookies Button to perform this operation. It displays the status of operation in the status bar. |
| 19 | Simple Site Blocker 1.1 | A simple site blocker with whitelist features. |
| 20 | Controle de Scripts 1.0.3 | Controle de Scripts is an extension that allows you to control what JavaScripts do on your browser. It adds extra settings to your browser preferences window, improving its native JavaScript control interface. |
| 21 | CSRF Finder 1.2 | CSRF Finder captures HTTP requests and looks for CSRF vulnerability. |
| 22 | RequestPolicy 0.5.28 | Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks. |
| 23 | CsFire 1.0.8 | CsFire autonomously protects you against dangerous or malicious cross-domain requests, such as Cross-Site Request Forgery (CSRF). CSRF is very prevalent and dangerous, as stated by the OWASP top 10, as well as the CWE/SANS top 25 programming errors. |
| 24 | Self-Destructing Cookies 0.4.7 | Fix the web. Gets rid of a site's cookies and LocalStorage as soon as you close its tabs. Protects against trackers and zombie-cookies. Trustworthy services can be whitelisted. |
| 25 | SQL Inject Me 0.4.7 | SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is Firefox Extension used to test for SQL Injection vulnerabilities. |
| 26 | SecurityFocus Vulnerabilities search plugin 20091001 | This plugin lets you search on Security Focus Vulnerabilities. |
| 27 | SurfPatrol 1.2.1 | SurfPatrol invisibly scans your browser and signals to you if any vulnerability in Firefox or its plugin is found. Notifications are displayed on the browser’s toolbar. |
| 28 | Heartbleed Monitor 0.2.1 | A Firefox add-on to notify you when you visit a webpage vulnerable to Heartbleed. |
| 29 | PunkSPIDER 1.0 | Displays web vulnerability information from PunkSPIDER about the site you're currently visiting. PunkSPIDER is an open source project that scans the entire Internet for web vulnerabilities and provides the results free and open to the public. |

Network Security Awareness Event

Topic: Network and Wireless Security
Venue: VIIT E&TC Dept
Time: 10:30 am to 12:30pm
Date: 9th March 2015

We conducted a network and wireless security awareness event in the E&TC dept of VIIT. Final year (BE) elex students were the attendees of the event.

I explained the basics of network security and properties of security such as confidentiality, integrity, authentication, and availability.

Siddharth Rao demonstrated a WPA2 password hacking technique and email credential harvesting using a phishing site. Then he explained how to counter these hacks.


Wednesday, February 25, 2015

Coding for Firefox

Event Name: Coding for Firefox, VIIT Pune
Time: 11:00 am to 6:00 pm
Date:  24th Feb 2015
Venue: VIIT, Pune
Hashtags: #firefoxcodepune, #firefoxstudents, #viitfirefoxclub

The VIIT Firefox Club organized an event "Coding for Firefox" on 24th February in the Internet Lab (System Dept), VIIT. A total of 40 Computer Engineering students attended the event.

Our Goals:
A] Introduction and contributing to Mozilla
B] Getting ready for development,
C] Building Firefox,
D] Getting ready to work on your first bug,
E] Using online tools to help productivity,
F] Front end Firefox development tools


Output of the Event:
1) 18 New Mozillians recruited.
2) All participants became members of VIIT Firefox Club
3) All participants registered for the FSA.


-= Was it worth it? =-
According to my knowledge, Yes. The audience was satisfied with the content of the event.

-= Should we go again? =-
Yes. I feel it's worth the investment.

Monday, February 23, 2015

Remix Hackathon


Event Name: Remix Hackathon, VIIT Pune
Time: 09:00 am to 6:00 pm
Date:  21st Feb 2015
Venue: VIIT, Pune
Hashtags: #viitremixhackathon, #firefoxstudents, #viitfirefoxclub


The VIIT Firefox Club organized an event "Remix Hackathon" on 21st and 22nd February in the Internet Lab (System Dept), VIIT.

The event started at 09:00 am. Dyvik and I conducted sessions during the event on the following topics:

* SUMO
* WEBMAKER
  ** THIMBLE
  ** POPCORN
  ** X-RAY GOGGLES
* APPMAKER
* LOCALIZATION
* FIREFOX OS
* ONE AND DONE
* Bugzilla

This event created an open platform for technologists and also people from non-technical branches to state that anything that is modified on the web is called a hack. To be exact, it was not an app day, but we allowed people to build applications based on their interests. In this hackathon we taught all about contributing to localization, Webmaker, MDN, app development, helping on support.mozilla.org, filing bugs, testing and many more ways to contribute.










Sunday, February 8, 2015

Event Name: Firefox OS Apps Day (App Day in a Box (ADIAB)), Pune
Time: 10:00 am to 5:00 pm
Date:  24th August 2014
Venue: VIIT, Pune
Hashtags: #apphackdaypune, #firefoxstudents

-= Audience and size =-
There were 20 people who attended the event. All participants were Third Year and Final Year (B.E) engineering students of Information Technology and Computer Engineering in VIIT Engg College, Pune. Overall, they seemed to have good knowledge of web technologies (HTML, JavaScript) and were interested in open source contributions.

-= Our Goals =-


  1. Educate and inspire developers to work on HTML5 apps and submit them to the Firefox Marketplace
  2. Create opportunities for local developers to showcase their apps
  3. Raise awareness of Firefox OS and the developer ecosystem
  4. Brainstorm app ideas

Saturday, January 24, 2015

FirefoxOS APP Contribution- Test, Review and Develop apps on Tarako Devices

Event Name: FirefoxOS APP Contribution- Test, Review and Develop apps on Tarako Devices
Date: 24 January 2015
Time: 10:00am to 5:00pm
Hashtag:  #apphackingpune

The event attendees were second year and third year Computer Engg students of VIIT. More than 25 people attended the event. Siddharth Rao, Prasad Seth, Aniket Deshpande and I conducted sessions in the event.

This event focused on teaching the audience how to create an app using Appmaker. In addition, we also introduced Firefox Marketplace to the audience and taught them how to download and test apps from the Firefox Marketplace, and how to submit rankings and reviews of the tested apps on the Firefox Marketplace.

Our Goals:
1) AppMaker Introduction and Demonstration: Educate and inspire developers to work on HTML5 apps and submit them to the Firefox Marketplace
2) Test, Rate and Review apps on the Firefox Marketplace.

Event Output:

1) A total of 61 apps were downloaded and tested by event participants during the event. The participants also submitted reviews on Firefox Marketplace for the apps they tested.

2) All participants signed up for the FSA (Firefox Student Ambassador) program.

3) All participants became members of VIIT_Firefox_Club

4) Participants developed partial apps using AppMaker.


