Web Security Audit av Francesco De Stefano
Passively audits the security posture on current page
63 användare63 användare
Du behöver Firefox för att kunna använda den här tillägget
Metadata för tillägg
Skärmbilder
Om detta tillägg
The goal of this project is to build an add-on for browser that passively audits the security posture of the websites that the user is visiting. Assume that the tool is to be used on non-malicious websites, currently not under attack or compromised. Add-on wants to report security misconfigurations, or failure to use best security practices.
- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Limitations
- Add-on only works on sites that allow content scripts.
- Add-on tries to analysis the commonly vulnerable setting of servers: lack of use of security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
- It doesn't to interfere with the functioning of the visited website.
- It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).
- Incrementally generate a report in a separate window.
- Each report entry have a numeric score to indicate approximately its severity, as a way to prioritise further investigation by a human analyst [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System).
### Limitations
- Add-on only works on sites that allow content scripts.
Betyg 5 av 5 recensenter
Behörigheter och dataLäs mer
Nödvändiga behörigheter:
- Åtkomst till dina data för alla webbplatser
Mer information
- Länkar för tillägg
- Version
- 1.0
- Storlek
- 24,75 kB
- Senast uppdaterad
- för 6 år sedan (13 feb 2020)
- Relaterade kategorier
- Versionshistorik
- Lägg till i samling
Stöd denna utvecklare
Utvecklaren av det här tillägget frågar att du kan hjälpa till att stödja den fortsatta utvecklingen genom att göra ett litet bidrag.
Fler tillägg av Francesco De Stefano
Det finns inga betyg än- Det finns inga betyg än
- Det finns inga betyg än
- Det finns inga betyg än
- Det finns inga betyg än
- Det finns inga betyg än