MozSecWorld is a project mainly written in PYTHON and JAVASCRIPT, based on the BSD-3-Clause, Unknown licenses found.
Mozilla Secure World
MozSecWorld is a web security reference site. It can teach you simple ways that you can make your own websites more secure. You'll learn through diagrams, explanations, and best of all, live demos! :) If you are a web developer, you might find the open-source code for each demo helpful too.
More specifically, MozSecWorld is a running Django web application demonstrating major security paradigms used within Mozilla web applications and security capabilities of modern browsers. Our goal is to help make the web more secure for all.
The MozSecWorld Beta is running at https://mozsecworld.org, the server has some problems that is making clicks very slow.
Email mozsecworld at gmail dot com
to receive an update email as soon as the website is functional.
Feel free to email us anything else related to this project. We'd love to hear from you!
Cross Domain
Input Validation
Good Authentication
Access Control
Transport Security [coming soon]
Get the repository: git clone https://github.com/haoqili/MozSecWorld
Get the vendor: cd MozSecWorld/vendor
and do git clone --recursive git://github.com/mozilla/playdoh-lib.git .
cd vendor/src/jingo-minfy && git fetch origin && git checkout origin/master
cp settings_local.py-dist settings_local.py
and then put in an account's user and password in settings_local.py
, for example 'USER' : 'msw_user', 'PASSWORD' : 'm3dRL2Asw7'
Get Google Safe Browsing Key and fill it in on settings_local.py
Get Recaptcha keys and fill it in on settings_local.py
Mysql setup:
get mysql server: sudo apt-get install mysql-server
mysql -u root -p
mysql> show databases;
mysql> select user, host from myqsl.user;
mysql> grant all on mozsecworld.* to msw_user@localhost identified by 'm3dRL2Asw7';
mysql> create database mozsecworld;
Get pip: sudo apt-get install python-pip
Get bcrypt: sudo pip install py-bcrypt
. If you have rhel, you can do yum install py-bcrypt
Get jinja2: sudo pip install jinja2
run the server: python manage.py runserver
and you should see
Validating models... 0 errors found ...
go to 127.0.0.1:8000/msw and you should see a green-themed page :D
TODO: add default mysql
TODO: try pip install -r requirements/compiled.txt
workon playdoh
to go to Mozilla playdoh's environment
mysql.server start
to start the MySQL database
./manage.py runserver
starts the Django server so I can navigate to http://127.0.0.1:8000/msw/
apps/msw/models.py --> mysql
apps/msw/urls.py --> apps/msw/views.py --> apps/msw/templates/msw/*
Add bleach: pip install -e git://github.com/jsocol/bleach.git#egg=bleach
... actually this has been updated to playdoh.
Download recaptcha-client http://pypi.python.org/pypi/recaptcha-client read http://curioushq.blogspot.com/2011/07/recaptcha-on-django.html
CEF: inside your project home dir, do: pip install --no-install --build=vendor-local/packages --src=vendor-local/src -I cef
for more info
Image Upload
pip install --no-install --build=vendor-local/packages --src=vendor-local/src -I pil
brew install jpeg
pip install PIL==1.1.7 --upgrade
pip install pyopenssl