Web Security Audit, by Francesco De Stefano
Passively audits the security posture of the current page.
About this extension
The goal of this project is to build a browser add-on that passively audits the security posture of the websites the user is visiting. The tool is assumed to be used on non-malicious websites that are not currently under attack or compromised. The add-on reports security misconfigurations and failures to follow security best practices.
- The add-on analyzes commonly vulnerable server settings: the lack of security-relevant headers, including:
  - strict-transport-security
  - x-xss-protection
  - content-security-policy
  - x-frame-options
  - x-content-type-options
- It doesn't interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- It incrementally generates a report in a separate window.
- Each report entry has a numeric score that indicates its approximate severity, as a way to prioritise further investigation by a human analyst (see [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System)).
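The kind of passive check described in the list above, as an added example that is not the add-on's own code. It assumes headers arrive as `{name, value}` pairs (the shape the WebExtensions `webRequest` API uses; how the add-on itself obtains them is not stated on this page), and the scores and sample response are constructed for illustration.

```javascript
// Passive audit: inspects headers the browser already received, sends nothing.
// Scores are illustrative placeholders, not the add-on's values and not CVSS.
const CHECKS = [
  { header: "strict-transport-security", score: 7, httpsOnly: true,
    weak: v => {
      const m = /max-age\s*=\s*"?(\d+)/i.exec(v);
      if (!m) return "no max-age directive";
      return Number(m[1]) === 0 ? "max-age=0 disables HSTS" : null;
    } },
  { header: "content-security-policy", score: 6,
    weak: v => /'unsafe-inline'|'unsafe-eval'/i.test(v)
      ? "policy allows unsafe-inline/unsafe-eval" : null },
  { header: "x-frame-options", score: 5,
    weak: v => /^(deny|sameorigin)$/i.test(v.trim())
      ? null : "value is not DENY or SAMEORIGIN" },
  { header: "x-content-type-options", score: 4,
    weak: v => v.trim().toLowerCase() === "nosniff" ? null : "value is not nosniff" },
  { header: "x-xss-protection", score: 2, weak: () => null }, // presence only
];

function auditHeaders(url, responseHeaders) {
  const seen = new Map(); // header names are case-insensitive
  for (const { name, value } of responseHeaders) seen.set(name.toLowerCase(), value || "");
  const isHttps = new URL(url).protocol === "https:";
  const findings = [];
  for (const c of CHECKS) {
    if (c.httpsOnly && !isHttps) continue; // browsers ignore HSTS sent over plain HTTP
    if (!seen.has(c.header)) {
      findings.push({ header: c.header, issue: "missing", score: c.score });
      continue;
    }
    // A present but weak header is reported at half the score of a missing one.
    const problem = c.weak(seen.get(c.header));
    if (problem) findings.push({ header: c.header, issue: problem, score: Math.ceil(c.score / 2) });
  }
  return findings.sort((a, b) => b.score - a.score); // highest severity first
}

// Constructed sample response, not captured from a real site.
const SAMPLE = [
  { name: "Content-Type", value: "text/html" },
  { name: "Strict-Transport-Security", value: "max-age=0" },
  { name: "X-Frame-Options", value: "SAMEORIGIN" },
  { name: "Content-Security-Policy", value: "default-src 'self'; script-src 'unsafe-inline'" },
];
```
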
### Limitations
- The add-on only works on sites that allow content scripts.
Permissions
This add-on needs to:
- Access your data for all websites
More information
- Version: 1.0
- Size: 24.75 kB
- Last updated: 4 years ago (Feb 13, 2020)
- License: Mozilla Public License 2.0