Firefox ๋ธŒ๋ผ์šฐ์ € ๋ถ€๊ฐ€ ๊ธฐ๋Šฅ
  • ํ™•์žฅ ๊ธฐ๋Šฅ
  • ํ…Œ๋งˆ
    • Firefox์šฉ
    • ์‚ฌ์ „ ๋ฐ ์–ธ์–ด ํŒฉ
    • ๋‹ค๋ฅธ ๋ธŒ๋ผ์šฐ์ € ์‚ฌ์ดํŠธ
    • Android ๋ถ€๊ฐ€ ๊ธฐ๋Šฅ
๋กœ๊ทธ์ธ
Web Security Audit ๋ฏธ๋ฆฌ๋ณด๊ธฐ

Web Security Audit ์ œ์ž‘์ž: Francesco De Stefano

Passively audits the security posture on current page

5 (5 reviews)5 (5 reviews)
์‚ฌ์šฉ์ž 65๋ช…์‚ฌ์šฉ์ž 65๋ช…
์ด ํ™•์žฅ ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•˜๋ ค๋ฉด Firefox๊ฐ€ ํ•„์š”ํ•จ
Firefox๋ฅผ ๋‹ค์šด๋กœ๋“œํ•˜๊ณ  ํ™•์žฅ ๊ธฐ๋Šฅ์„ ๋ฐ›์œผ์„ธ์š”
ํŒŒ์ผ ๋‹ค์šด๋กœ๋“œ

ํ™•์žฅ ๋ฉ”ํƒ€ ๋ฐ์ดํ„ฐ

์Šคํฌ๋ฆฐ์ƒท
์ •๋ณด
The goal of this project is to build an add-on for browser that passively audits the security posture of the websites that the user is visiting. Assume that the tool is to be used on non-malicious websites, currently not under attack or compromised. Add-on wants to report security misconfigurations, or failure to use best security practices.

- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options

- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).

### Limitations
- Add-on only works on sites that allow content scripts.
5๋ช…์˜ ๋ฆฌ๋ทฐ์–ด๊ฐ€ 5๋กœ ํ‰๊ฐ€ํ•จ
๋กœ๊ทธ์ธํ•˜์—ฌ ์ด ํ™•์žฅ ๊ธฐ๋Šฅ์˜ ํ‰์ ์„ ๋‚จ๊ฒจ์ฃผ์„ธ์š”
์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

๋ณ„์  ์ €์žฅ๋จ

5
5
4
0
3
0
2
0
1
0
๋ฆฌ๋ทฐ 5๊ฐœ ๋ชจ๋‘ ์ฝ๊ธฐ
๊ถŒํ•œ ๋ฐ ๋ฐ์ดํ„ฐ๋” ์•Œ์•„๋ณด๊ธฐ

ํ•„์š”ํ•œ ๊ถŒํ•œ:

  • ๋ชจ๋“  ์›น์‚ฌ์ดํŠธ์—์„œ ์‚ฌ์šฉ์ž์˜ ๋ฐ์ดํ„ฐ์— ์ ‘๊ทผ
์ถ”๊ฐ€ ์ •๋ณด
๋ถ€๊ฐ€ ๊ธฐ๋Šฅ ๋งํฌ
  • ์ง€์› ์‚ฌ์ดํŠธ
  • ์ง€์› ์ด๋ฉ”์ผ
๋ฒ„์ „
1.0
ํฌ๊ธฐ
24.75 KB
๋งˆ์ง€๋ง‰ ์—…๋ฐ์ดํŠธ
6๋…„ ์ „ (2020๋…„ 2์›” 13์ผ)
๊ด€๋ จ ์นดํ…Œ๊ณ ๋ฆฌ
  • ๊ฐœ์ธ ์ •๋ณด ๋ณดํ˜ธ ๋ฐ ๋ณด์•ˆ
๋ผ์ด์„ ์Šค
Mozilla Public License 2.0
๋ฒ„์ „ ๋ชฉ๋ก
  • ๋ชจ๋“  ๋ฒ„์ „ ๋ณด๊ธฐ
๋ชจ์Œ์ง‘์— ์ถ”๊ฐ€
์ด ๋ถ€๊ฐ€ ๊ธฐ๋Šฅ ์‹ ๊ณ 
์ด ๊ฐœ๋ฐœ์ž ์ง€์›

์ด ํ™•์žฅ ๊ธฐ๋Šฅ์˜ ๊ฐœ๋ฐœ์ž๊ฐ€ ์—ฌ๋Ÿฌ๋ถ„์ด ์ž‘์€ ๊ธฐ์—ฌ๋กœ ์ง€์†์ ์ธ ๊ฐœ๋ฐœ์„ ์ง€์›ํ•ด ์ค„ ๊ฒƒ์„ ์š”์ฒญํ•ฉ๋‹ˆ๋‹ค.

๊ธฐ์—ฌํ•˜๊ธฐ

Francesco De Stefano ๋‹˜์˜ ๋‹ค๋ฅธ ํ™•์žฅ ๊ธฐ๋Šฅ
  • ์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

  • ์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

  • ์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

  • ์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

  • ์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

  • ์•„์ง ํ‰์ ์ด ์—†์Šต๋‹ˆ๋‹ค

Mozilla ํ™ˆํŽ˜์ด์ง€๋กœ ์ด๋™

๋ถ€๊ฐ€ ๊ธฐ๋Šฅ

  • ์†Œ๊ฐœ
  • Firefox ๋ถ€๊ฐ€ ๊ธฐ๋Šฅ ๋ธ”๋กœ๊ทธ
  • ํ™•์žฅ ๊ธฐ๋Šฅ ์›Œํฌ์ƒต
  • ๊ฐœ๋ฐœ์ž ํ—ˆ๋ธŒ
  • ๊ฐœ๋ฐœ์ž ์ •์ฑ…
  • ์ปค๋ฎค๋‹ˆํ‹ฐ ๋ธ”๋กœ๊ทธ
  • ํฌ๋Ÿผ
  • ๋ฒ„๊ทธ ์‹ ๊ณ 
  • ๋ฆฌ๋ทฐ ์ง€์นจ

๋ธŒ๋ผ์šฐ์ €

  • Desktop
  • Mobile
  • Enterprise

์ œํ’ˆ

  • Browsers
  • VPN
  • Relay
  • Monitor
  • Pocket
  • Bluesky (@firefox.com)
  • Instagram (Firefox)
  • YouTube (firefoxchannel)
  • ๊ฐœ์ธ ์ •๋ณด
  • ์ฟ ํ‚ค
  • ๋ฒ•๋ฅ 

ํŠน๋ณ„ํ•œ ๊ณ ์ง€๊ฐ€ ์—†๋Š” ํ•œ, ๋ณธ ์‚ฌ์ดํŠธ์˜ ์ฝ˜ํ…์ธ ๋Š” Commons Attribution Share-Alike License v3.0 ๋˜๋Š” ๊ทธ ์ดํ›„ ๋ฒ„์ „์— ๋”ฐ๋ผ ์‚ฌ์šฉ์ด ํ—ˆ๊ฐ€๋ฉ๋‹ˆ๋‹ค.