Using JSON for Private Data
Sometimes we’re asked for guidance on something and the result seems worth sharing; this one is about useful things to consider when using JSON for information that needs to stay …
On January 25th, with the help of many volunteers, we hosted the first Mozilla Capture The Flag (CTF). The Mozilla CTF will be a recurring security event, although we are …
Earlier this year I wrote about some of the challenges of scaling security efforts in an organization, and I mentioned that we are working to adopt better tooling to assist …
We’re nearly three quarters of the way through 2011 and we wanted to provide an update on the progress of the Mozilla bug bounty programs. The goal of the Mozilla bounty …
Mozilla will be sending several security folks to this year’s OWASP AppSecUSA conference held in Minneapolis, MN on Thursday and Friday (Sept 22, 23). Stop by and find one of …
Michael Coates from Mozilla’s Infrastructure Security team presented on top web security threats and how new security controls in Firefox can be leveraged to increase the security of a website …
I made a statement in my previous post, SHA-512 w/ per User Salts, about a “significant hit rate” when it comes to dictionary attacking hashes. This significant hit rate is …
Back in January, I was having a casual conversation about passwords at a local gathering about security and was asked what we use for storing the passwords. I stated that …
Over the weekend Mozilla led an open source boot camp at Stanford University with a great lineup of courses including a hands-on web security lab where students performed actual exploits …
HTTPOnly, Secure Flag, Strict Transport Security, X-Frame-Options, Content Security Policy. The vast majority of application security occurs within the application’s code. However, there are a few key security controls that …
The AppSec space is an extremely challenging field to work in, largely due to asymmetry: when you play defence you have to work to stay on top of each emerging …
We are working hard to advance the security of Mozilla web applications. This includes efforts such as threat modelling, security training, security throughout development, code review, testing, the bounty program, …