After Google’s Summer of code, covering another season of programming, we applied and got selected for Mozilla’s Winter of Security program and will be working with our mentors for these winters – 2016.
We will be working on a security utility called `ssh_scan`, which basically is a configuration and policy scanner for SSH servers. This is a native ruby project and relies on minimal dependencies to do its work. You can take a look at its initial functionality here: https://asciinema.org/a/7pliiw5zqhj7eqvz7q437u6vx
It has been some time since we have been working with this now and we already have a command-line tool which just needs an SSH service(to be scanned) and gives back a JSON report for possible improvements. We follow a Test-driven Development approach to keep our code tested and try to keep our test coverage high. We are also using Travis CI for continuous integration of our tool across various ruby version(about 5). We also have an official `ssh_scan` blog running on jekyll which you can take a look here: https://mozilla.github.io/ssh_scan//2016/10/20/first-meeting-with-mwos-project-team.html
So this was just an introductory post about Mozilla Winter of Security program and I will talk about my work in the following blogs. Until then