{"id":62021,"date":"2013-07-30T00:00:00","date_gmt":"2013-07-30T00:00:00","guid":{"rendered":"http:\/\/blog.mozilla.org\/foxtail\/2013\/07\/30\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/"},"modified":"2021-02-08T20:31:39","modified_gmt":"2021-02-08T20:31:39","slug":"mozilla-continues-to-build-the-web-as-a-platform-for-security","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/","title":{"rendered":"Mozilla Continues to Build the Web as a Platform for Security"},"content":{"rendered":"<p>Mozilla continues to build the Web as a platform for security which is a crucial part of our mission to move the Web forward as a platform for openness, innovation and opportunity for all. Today this platform for security is being advanced through Mozilla and BlackBerry collaborating on advanced automated security testing techniques known as fuzzing and Mozilla introducing Minion, an open source security testing platform intended to be used by developers and security professionals. These research efforts are some of the many ways Mozilla helps make the Web more secure and protect Firefox users.<\/p>\n<p><strong>Mozilla and BlackBerry Collaborate on Fuzzing<\/strong><\/p>\n<p>Mozilla and BlackBerry&#8217;s work on security research techniques are in the area of fault injection. Fault injection (also known as &#8220;fuzzing&#8221;) is a method of automated security testing that is used to identify potential security concerns that can be fixed before users are at risk. Fault injection is a testing technique where specially designed software is created to inject a variety of unexpected or malformed data into a specific application, program or area of code. The goal is to uncover areas where the software does not properly handle the malformed data. Through fault injection it is possible to identify potential security weaknesses that can be proactively addressed before there is ever a threat to users.<\/p>\n<p><a href=\"http:\/\/blog.mozilla.org\/blog\/2013\/07\/30\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/final-jpg-fuzzing-for-bugs-blackberry-mozilla1\/\" rel=\"attachment wp-att-6225\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg\" alt=\"Final jpg Fuzzing-for-Bugs-BlackBerry-Mozilla(1)\" width=\"1024\" height=\"768\" class=\"aligncenter size-full wp-image-6225\" srcset=\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg 1024w, https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1-300x225.jpg 300w, https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1-768x576.jpg 768w, https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1-1000x750.jpg 1000w, https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1-600x450.jpg 600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p>The specific area of joint research is <a href=\"http:\/\/peachfuzzer.com\/\">Peach v2, an open source fuzzing framework<\/a> and will also include joint work on other fuzzing software. Mozilla and BlackBerry are working together to advance the Peach fuzzing software for testing Web browsers. We will also collaborate on fuzzing techniques and approaches to jointly raise the security protections provided to our users.<\/p>\n<p>Mozilla has successfully used Peach to perform fuzz testing against HTML5 features such as: image formats, audio\/video formats, fonts, multimedia APIs like WebGL and WebAudio and most recently protocols used in WebRTC. Through our testing, we&#8217;ve proactively identified issues that can be fixed before there was any risk to our users. This testing has proved to be very effective and is helping secure Firefox and Firefox OS users.<\/p>\n<p>BlackBerry has long relied on large-scale automated testing to identify security issues across its platform. The collaboration with Mozilla plugs directly into BlackBerry\u2019s existing security processes and infrastructure. BlackBerry regularly uses third-party fuzzers, in addition to its own proprietary fuzzing tools, static analysis and vulnerability research, in order to identify and address potential security concerns across its portfolio of products and services. <\/p>\n<p>Adrian Stone, Director of BlackBerry Security Response and Threat Analysis, shared that he is excited about the work Mozilla and BlackBerry researchers are conducting and the potential benefits for customers. He said, \u201cSecurity is an industry-wide challenge that cannot be solved in a vacuum, and that is why BlackBerry and Mozilla security researchers are working together to develop new and innovative tools for detecting browser threats before they can affect both mobile and desktop customers. Through this collaboration, BlackBerry and Mozilla are working together towards the common goal of advancing security protections for customers as well as improving the threat landscape overall.\u201d<\/p>\n<p>Mozilla and BlackBerry have worked together on fuzzing activities in the past and both recognize the importance of continued automated security testing techniques in order to protect users on the open Web.<\/p>\n<p><strong>Mozilla Introduces Minion<\/strong><\/p>\n<p>Mozilla also introduced <a href=\"https:\/\/blog.mozilla.org\/security\/2013\/07\/30\/introducing-minion\/\">Minion, a security testing platform<\/a> that is intended to be used by developers and security professionals. Minion is free, open source and available for use. Minion is under active development and many new features are in progress.<\/p>\n<p>The Minion testing platform takes a different approach to automated web security testing by focusing on correct and actionable results that don\u2019t require a security professional to validate. Many security tools generate excessive amounts of data, including incorrectly identified issues that require many hours of specialized research by a security professional. Minion favors accuracy and simplicity and is designed so every developer, regardless of security expertise, can use this platform to increase the security of their applications.<\/p>\n<p>By putting usable security tools into the hands of developers Mozilla continues to push the security of the Web forward.<\/p>\n<p>-Michael Coates, Director of Security Assurance<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mozilla continues to build the Web as a platform for security which is a crucial part of our mission to move the Web forward as a platform for openness, innovation and opportunity for all. Today this platform for security is being advanced through Mozilla and BlackBerry collaborating on advanced automated security testing techniques known as [&hellip;]<\/p>\n","protected":false},"author":144,"featured_media":6225,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"coauthors":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mozilla Continues to Build the Web as a Platform for Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/\",\"url\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/\",\"name\":\"Mozilla Continues to Build the Web as a Platform for Security\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg\",\"datePublished\":\"2013-07-30T00:00:00+00:00\",\"dateModified\":\"2021-02-08T20:31:39+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/33edd7d4d73723140487082573041c83\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg\",\"width\":1024,\"height\":768},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mozilla Continues to Build the Web as a Platform for Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/en\/\",\"name\":\"The Mozilla Blog\",\"description\":\"News and Updates about Mozilla\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/33edd7d4d73723140487082573041c83\",\"name\":\"Mozilla\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/f32381c01597770b1131dff44b9d6de1\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f84bd67e8e3ab3bcc9676910aecf5700?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f84bd67e8e3ab3bcc9676910aecf5700?s=96&d=mm&r=g\",\"caption\":\"Mozilla\"},\"url\":\"https:\/\/blog.mozilla.org\/en\/author\/mozilla\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mozilla Continues to Build the Web as a Platform for Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/","url":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/","name":"Mozilla Continues to Build the Web as a Platform for Security","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg","datePublished":"2013-07-30T00:00:00+00:00","dateModified":"2021-02-08T20:31:39+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/33edd7d4d73723140487082573041c83"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#primaryimage","url":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg","contentUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2013\/07\/Final-jpg-Fuzzing-for-Bugs-BlackBerry-Mozilla1.jpg","width":1024,"height":768},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/mozilla-continues-to-build-the-web-as-a-platform-for-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/en\/"},{"@type":"ListItem","position":2,"name":"Mozilla Continues to Build the Web as a Platform for Security"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/en\/#website","url":"https:\/\/blog.mozilla.org\/en\/","name":"The Mozilla Blog","description":"News and Updates about Mozilla","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/33edd7d4d73723140487082573041c83","name":"Mozilla","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/f32381c01597770b1131dff44b9d6de1","url":"https:\/\/secure.gravatar.com\/avatar\/f84bd67e8e3ab3bcc9676910aecf5700?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f84bd67e8e3ab3bcc9676910aecf5700?s=96&d=mm&r=g","caption":"Mozilla"},"url":"https:\/\/blog.mozilla.org\/en\/author\/mozilla\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62021"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/users\/144"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/comments?post=62021"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62021\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media\/6225"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media?parent=62021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/categories?post=62021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/tags?post=62021"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/coauthors?post=62021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}