Web Security Audit par Francesco De Stefano
Passively audits the security posture on current page
Vous avez besoin de Firefox pour utiliser cette extension
MĂ©tadonnĂ©es de lâextension
Captures dâĂ©cran
Ă propos de cette extension
The goal of this project is to build an add-on for browser that passively audits the security posture of the websites that the user is visiting. Assume that the tool is to be used on non-malicious websites, currently not under attack or compromised. Add-on wants to report security misconfigurations, or failure to use best security practices.
- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Limitations
- Add-on only works on sites that allow content scripts.
- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Limitations
- Add-on only works on sites that allow content scripts.
Ăvaluez votre expĂ©rience
Soutenir ce développeur
Le dĂ©veloppeur de cette extension demande que vous lâaidiez Ă assurer la poursuite de son dĂ©veloppement en lui versant une petite contribution.
PermissionsEn savoir plus
Ce module a besoin de :
- Accéder à vos données pour tous les sites web
Plus dâinformations
- Liens du module
- Version
- 1.0
- Taille
- 24,75Â Ko
- DerniĂšre mise Ă jour
- il y a 5 ans (13 févr. 2020)
- Catégories associées
- Licence
- Mozilla Public License 2.0
- Historique des versions
Ajouter Ă la collection
Plus de modules créés par Francesco De Stefano
Il nây a aucune note pour lâinstant- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant
- Il nây a aucune note pour lâinstant