{"id":1434,"date":"2013-09-04T15:55:38","date_gmt":"2013-09-04T22:55:38","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=1434"},"modified":"2013-09-04T15:55:38","modified_gmt":"2013-09-04T22:55:38","slug":"a-new-focus-on-security-in-the-web-console","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/","title":{"rendered":"A New Focus on Security in the Web Console"},"content":{"rendered":"<p>Web developers need better tools to help them debug security issues. The Web Console, part of the Firefox Developer Tools, shows errors and warnings filtered into different categories. Firefox 23 adds a new category of messages to the Web Console: Security messages.<\/p>\n<div id=\"attachment_1435\" style=\"width: 553px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png\"><img aria-describedby=\"caption-attachment-1435\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1435\" alt=\"Toggle buttons for categories of messages in the Web Console\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png\" width=\"543\" height=\"193\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png 543w, https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons-252x89.png 252w\" sizes=\"(max-width: 543px) 100vw, 543px\" \/><\/a><p id=\"caption-attachment-1435\" class=\"wp-caption-text\">Toggle buttons for categories of messages in the Web Console<\/p><\/div>\n<p>The Security toggle button and messages are red to warn developers, since some of these messages indicate that your site has a security vulnerability.<\/p>\n<p>Once we had a dedicated place for security messages, we had to decide what kinds of issues should be reported to developers. 
Ivan Alagenchev, a security engineering intern, spent the summer improving security reporting to fulfill the following goals:<\/p>\n<ol>\n<li>Warn developers about altered site behavior that is due to a security feature (for example, resource loads <a title=\"Bug 875456\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=875456\">blocked by the Mixed Content Blocker<\/a> or the <a title=\"Bug 713980\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=713980\">Same Origin Policy<\/a>).<\/li>\n<li>Warn developers about mistakes made in implementing security features (for example, <a title=\"Bug 821877\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=821877\">using deprecated CSP headers<\/a>, or <a title=\"Bug 846918\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=846918\">mistyping an HSTS header<\/a>).<\/li>\n<li>Warn developers about common security risks (for example, <a title=\"Bug 762593\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=762593\">putting password fields on insecure pages<\/a>).<\/li>\n<\/ol>\n<p>Here are example screenshots of some of the new Security messages:<\/p>\n<div id=\"attachment_1439\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/mixed-content-messages.png\"><img aria-describedby=\"caption-attachment-1439\" decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-1439\" alt=\"Errors for blocked mixed content in the Web Console.\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/mixed-content-messages-600x147.png\" width=\"600\" height=\"147\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/mixed-content-messages-600x147.png 600w, https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/mixed-content-messages-252x62.png 252w, https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/mixed-content-messages.png 1014w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><p id=\"caption-attachment-1439\" 
class=\"wp-caption-text\">Warnings for loading mixed content<\/p><\/div>\n<div id=\"attachment_1442\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/insecure-passwords.png\"><img aria-describedby=\"caption-attachment-1442\" decoding=\"async\" loading=\"lazy\" class=\"size-large wp-image-1442\" alt=\"Warning for detected password field on an insecure page.\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/insecure-passwords-600x132.png\" width=\"600\" height=\"132\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/insecure-passwords-600x132.png 600w, https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/insecure-passwords-252x55.png 252w, https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/insecure-passwords.png 1135w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><p id=\"caption-attachment-1442\" class=\"wp-caption-text\">Warning for detected password field on an insecure page.<\/p><\/div>\n<p>These specific messages are available to current Nightly users and will be part of upcoming stable releases.<\/p>\n<p>While security should be of paramount importance to any developer, it is a complex subject that is not always part of a web developer&#8217;s education and often appears at inconvenient times. This new messaging helps developers find security-related problems early on in the development life cycle so they can be resolved quickly and effectively.<\/p>\n<p>Additionally, these messages help educate developers about common issues in web security. Many of the new messages end with a &#8220;Learn More&#8221; link that takes you to a wiki with background information and advice for mitigating the security issue.<\/p>\n<p><a title=\"Bug 863874\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=863874\">Bug 863874<\/a> is the meta-bug for logging relevant security messages to the Web Console. 
If you have more ideas for useful features like the ones discussed here, or are interested in contributing, check out the meta-bug and its dependencies!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web developers need better tools to help them debug security issues. The Web Console, part of the Firefox Developer Tools, shows errors and warnings filtered into different categories. Firefox 23 &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/\">Read more<\/a><\/p>\n","protected":false},"author":1438,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A New Focus on Security in the Web Console - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"mozilla\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/\",\"name\":\"A New Focus on Security in the Web Console - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png\",\"datePublished\":\"2013-09-04T22:55:38+00:00\",\"dateModified\":\"2013-09-04T22:55:38+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png\",\"width\":543,\"height\":193,\"caption\":\"Toggle buttons for categories of messages in the Web 
Console\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A New Focus on Security in the Web Console\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9\",\"name\":\"mozilla\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/98138a294cb6e19a68b02ef8ca9be2dc\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g\",\"caption\":\"mozilla\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A New Focus on Security in the Web Console - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/","twitter_misc":{"Written by":"mozilla","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/","url":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/","name":"A New Focus on Security in the Web Console - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png","datePublished":"2013-09-04T22:55:38+00:00","dateModified":"2013-09-04T22:55:38+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2013\/09\/row-of-buttons.png","width":543,"height":193,"caption":"Toggle buttons for categories of messages in the Web 
Console"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2013\/09\/04\/a-new-focus-on-security-in-the-web-console\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"A New Focus on Security in the Web Console"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/70ae25c16f09d053c6d8b5eac29dbda9","name":"mozilla","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/98138a294cb6e19a68b02ef8ca9be2dc","url":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/75d2017e019c87560fe5d148a64659dc?s=96&d=identicon&r=g","caption":"mozilla"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1434"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1438"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=1434"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1434\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=1434"}],"wp:term":[
{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=1434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=1434"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=1434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}