Today, Mozilla has launched Minion, a free and open-source tool for web developers to start building more secure apps from the ground up.
“Many security tools generate excessive amounts of data, including incorrectly identified issues that require many hours of specialized research by a security professional,” writes Mozilla security director Michael Coates today on the company blog.
“Minion favors accuracy and simplicity and is designed so every developer, regardless of security expertise, can use this platform to increase the security of their applications.”
Minion includes plugins (automation scripts for scanning and collecting results), a task engine (for managing all your users, sites, and scans on the platform), and a front end (access to and feedback from the Minion platform).
“Minion is built with Python, Angular.js, and several packages that assist in ensuring a reliable end-to-end service,” the Mozilla team writes.
“But the architecture and each of the service boundaries are intended to use JSON calls to permit easy integration with other services. Because of the design principles applied, it is entirely possible to implement plugins that run on any operating system or platform, and do not need to reside on the same service. With the appropriate network configurations it is possible to deploy the front-end, task engine, and plugins on different networks, which allows users to isolate the amount of attack surface that needs to be deployed in sensitive networks.”
Coming soon are granular controls over which users get to scan what sites, better plugins and results, and static analyses of code repositories.
Eventually, Minion will also include customizable dashboards so more heavily technical team members can set up metrics and visualizations for other users, kind of like a free New Relic for security monitoring.