-
Notifications
You must be signed in to change notification settings - Fork 2
Gsoc2013_Enhancing_HTTP_Sessions
During GSoC 2012, I've worked (under the mentorship of Simon Bennetts) on developing the Http Sessions Extension. In its current version, it has the ability to identify HTTP Sessions (based on Cookie session tokens), to force the creation of a new session by removing any session tokens and to force all the requests to be on a particular session, by properly setting the session tokens.
The work for this Google of Summer of Code consists of enhancing the HTTP Session handling of ZAP in order to add the capability to set up and/or identify users and roles and in order to add a series of various views, actions and scans that are dependent on a particular user/role.
- allow users to set up and manage users/roles
- allow ZAP to understand users/roles and associate them to HTTP Sessions
- implement a structured mechanism/interface to allow other extensions to handle HTTP Sessions and to send requests from the perspective of a user/role on a per-extension basis
- allow users to perform various scans (e.g. Spider) from the perspective of a particular user/role
- allow users to view subsets of the sites present in the Site Tree or History Tab based on a particular user/role
- allow users to compare which parts of a web application are visible by two different Users/Roles
- allow users to test access control with a tool that tries to access the URLs that each User/Role shouldn't have access to
- thorough documentation for the developed parts
- thorough testing for the implementation
I'm Cosmin and I'm currently following the Digital Media Engineering Master Programme at the Denmark Technical University, after obtaining a BSc in Computer Science and Engineering at the Politehnica University of Bucharest. I’m passionate about mobile & web development and security, keen to develop myself and in a permanent search for great outdoors adventures. I really enjoy spending quality time with my friends and family and I never say no to a good movie.
This section is used for keeping an up-to-date status of the project, my goals and the things that were being worked on in each week. It is only a summary of the most important achievements and it is not meant to be a full and detailed log.
| Initial discussions with both Guifre and Simon | Done |
|---|---|
| High-Level design of core components for the User Authentication Manager | Done |
| Design and UI Mockups for 2 UI options: Tab vs Session Panel | Done |
| Discussion of high-level design | Done |
| Discussion of high-level design and suggestions | Pending |
|---|---|
| Initial definition of interfaces and abstract components of core entities (e.g. Users, Roles, AuthenticationMethods etc.) | Pending |
| Implementation of Users UI options panel in the Session Options section | Pending |