Mozilla security engineer April Knight released a project called Observatory, a free website security scanning utility, similar to SSL Labs and High-Tech Bridge's scanning service.
The service, working on top of a Python codebase made available on GitHub, has been under development for months and was approved for a public launch only yesterday.
Observatory is aimed at developers, system administrators, and security professionals who want to configure sites to use modern security protocols.
Service uses A to F scores to grade website security
Observatory scans for the presence of basic security features and then gives out a grade from 0 to 130, which is then converted into an A to F score.
In its current form, the service scans for the following: [1] Content Security Policy (CSP) status, [2] cookie files using Secure flag, [3] Cross-Origin Resource Sharing (CORS) status, [4] HTTP Public Key Pinning (HPKP) status, [5] HTTP Strict Transport Security (HSTS) status, [6] the presence of an automatic redirection from HTTP to HTTPS, [7] Subresource Integrity (SRI) status, [8] X-Content-Type-Options status, [9] X-Frame-Options (XFO) status, and [10] X-XSS-Protection status.
More at Softpedia
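To make the ten checks listed above concrete, the following added example (not part of the quoted article and not Observatory's own code) runs them offline against two constructed responses. The pass criteria, the function names, and the `example.test` hosts are assumptions of this example, and it reports pass/fail only, without reproducing Observatory's scoring.

```python
from html.parser import HTMLParser
import re

class ScriptCollector(HTMLParser):
    """Collect has-integrity flags for scripts with an absolute URL (assumed external)."""
    def __init__(self):
        super().__init__()
        self.external = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and (a.get("src") or "").startswith(("http://", "https://", "//")):
            self.external.append(bool(a.get("integrity")))

def audit(headers, set_cookies, html, http_status, http_location):
    """Pass/fail per check; the pass criteria are this example's assumptions."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    hsts = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    scripts = ScriptCollector()
    scripts.feed(html)
    return {
        "csp": bool(h.get("content-security-policy")),
        "cookies_secure": all("secure" in [p.strip().lower() for p in c.split(";")[1:]] for c in set_cookies),
        "cors": h.get("access-control-allow-origin") != "*",  # wildcard origin fails
        "hpkp": "pin-sha256=" in h.get("public-key-pins", ""),
        "hsts": bool(hsts) and int(hsts.group(1)) > 0,
        "redirect": http_status in (301, 302, 307, 308) and (http_location or "").lower().startswith("https://"),
        "sri": all(scripts.external),  # every external script carries integrity=
        "x_content_type_options": h.get("x-content-type-options", "").lower() == "nosniff",
        "x_frame_options": h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN"),
        "x_xss_protection": h.get("x-xss-protection", "").startswith("1"),
    }

def failed(response):
    return sorted(name for name, ok in audit(*response).items() if not ok)

# Constructed sample responses: (headers, Set-Cookie values, HTML, HTTP status, HTTP Location)
WEAK = ({"Access-Control-Allow-Origin": "*", "X-Frame-Options": "ALLOWALL"},
        ["sid=abc; Path=/; HttpOnly"],
        '<script src="https://cdn.example.test/lib.js"></script>', 200, None)
HARDENED = ({"Content-Security-Policy": "default-src 'self'",
             "Strict-Transport-Security": "max-age=31536000",
             "Public-Key-Pins": 'pin-sha256="CONSTRUCTED="; max-age=5184000',
             "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
             "X-XSS-Protection": "1; mode=block"},
            ["sid=abc; Path=/; Secure; HttpOnly"],
            '<script src="https://cdn.example.test/lib.js" integrity="sha384-CONSTRUCTED"></script>',
            301, "https://example.test/")
```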