Web Security Audit nga Francesco De Stefano
Passively audits the security posture on current page
Që të përdorni këtë zgjerim, ju duhet Firefox-i
Tejtëdhëna Zgjerimi
Foto ekrani
Rreth këtij zgjerimi
The goal of this project is to build an add-on for browser that passively audits the security posture of the websites that the user is visiting. Assume that the tool is to be used on non-malicious websites, currently not under attack or compromised. Add-on wants to report security misconfigurations, or failure to use best security practices.
- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Limitations
- Add-on only works on sites that allow content scripts.
- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Limitations
- Add-on only works on sites that allow content scripts.
Vlerësoni rastin tuaj
Përkraheni këtë zhvillues
Zhvilluesi i kësaj shtese dëshiron që të ndihmoni duke mbështetur zhvillimin e mëtejshëm të saj përmes një kontributi të vogël.
LejeMësoni më tepër
Kjo shtesë ka nevojë për:
- Të hyjë në të dhënat tuaja për krejt sajtet
Më tepër të dhëna
- Lidhje shtese
- Version
- 1.0
- Madhësi
- 24,75 KB
- Përditësuar së fundi më
- 4 vite më parë (13 Shk 2020)
- Kategori të Afërta
- Licencë
- Mozilla Public License 2.0
- Historik Versionesh
Shtojeni në koleksion
Më tepër zgjerime nga Francesco De Stefano
Ende pa vlerësime- Ende pa vlerësime
- Ende pa vlerësime
- Ende pa vlerësime
- Ende pa vlerësime
- Ende pa vlerësime