Mozilla has introduced Minion, a free open-source security testing platform for developers and security professionals.
The Minion testing platform takes a different approach to automated Web security testing by focusing on correct and actionable results that don’t require a security professional to validate.
Michael Coates (Director, Security Assurance, Mozilla): Many security tools generate excessive amounts of data, including incorrectly identified issues that require many hours of specialized research by a security professional. Minion favors accuracy and simplicity and is designed so every developer, regardless of security expertise, can use this platform to increase the security of their applications.
At a high level there are three major components in Minion: Plugins, Task Engine, and Front End.
Minion Plugins are lightweight wrappers that perform tasks such as configuring, starting, and stopping a plan, and that accept a set of callbacks to notify the caller that information is available.
The Task Engine is the core platform; it provides an API for managing and configuring Plans (collections of plugins and configurations), collections of users, sites and services, and the results of executions of Plans against those targets.
The Front End is a web application for both administering and using Minion; users can perform most of the configuration tasks needed to set up Minion plans, targets and users, as well as review the results of Minion scans.
Being a Mozilla project, the Front End uses Persona for authentication, but all access-control decisions are built into Minion itself.
Minion is under active development and new features are in progress.