Church of ProZ: Otaku Fortress

Observatory by Mozilla


Post by Zhu Yang on 2016-08-26, 15:51

Catalin Cimpanu wrote: Mozilla security engineer April King released a project called Observatory, a free website security scanning utility, similar to SSL Labs and High-Tech Bridge's scanning service.

The service, working on top of a Python codebase made available on GitHub, has been under development for months and was approved for a public launch only yesterday.

Observatory is aimed at developers, system administrators, and security professionals that want to configure sites to use modern security protocols.
"Service uses A to F scores to grade website security"

Observatory scans for the presence of basic security features and then gives out a grade from 0 to 130, which is then converted into an A to F score.

In its current form, the service scans for the following: [1] Content Security Policy (CSP) status, [2] cookie files using Secure flag, [3] Cross-Origin Resource Sharing (CORS) status, [4] HTTP Public Key Pinning (HPKP) status, [5] HTTP Strict Transport Security (HSTS) status, [6] the presence of an automatic redirection from HTTP to HTTPS, [7] Subresource Integrity (SRI) status, [8] X-Content-Type-Options status, [9] X-Frame-Options (XFO) status, and [10] X-XSS-Protection status.

All are basic security recommendations, albeit extremely hard to implement, which is a reason why many websites still don't use them.
"Over 91% of current websites fail Observatory's tests"

According to King, who performed automatic scans of over 1.3 million websites, over 91 percent of modern-day websites fail Observatory's tests.

"When nine out of 10 websites receive a failing grade, it’s clear that this is a problem for everyone. And by “everyone”, I’m including Mozilla — among our thousands of sites, a great deal of them fail to pass," King wrote yesterday, revealing that Observatory was developed to help Mozilla test their own domains first.

Church of Proz received an F -
Zhu Yang

ProZ Degrees: Nasuverse Master
Posts : 2107
AwesomeSauce : 9
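
A minimal audit of the response-header items from the list quoted above (CSP, cookie Secure flag, HPKP, HSTS, X-Content-Type-Options, XFO, X-XSS-Protection), as an added example that is not part of the original post or article and is not Observatory's code or scoring. The sample response, the function names and the simplified pass criteria are constructed assumptions.

```python
import re

# Constructed sample response headers, not captured from any real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to a list of values (Set-Cookie repeats)."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def insecure_cookies(headers):
    """Names of cookies whose Set-Cookie line lacks the Secure attribute."""
    names = []
    for cookie in headers.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            names.append(cookie.split("=", 1)[0].strip())
    return names

def audit(raw):
    """Return {check: passed?}; pass criteria are simplified assumptions."""
    h = parse_headers(raw)
    first = lambda name: h.get(name, [""])[0]
    max_age = re.search(r"max-age=(\d+)", first("strict-transport-security"), re.I)
    return {
        "csp": bool(first("content-security-policy")),
        "cookies_secure": not insecure_cookies(h),
        "hpkp": bool(first("public-key-pins")),
        "hsts": bool(max_age and int(max_age.group(1)) > 0),
        "x_content_type_options": first("x-content-type-options").lower() == "nosniff",
        "x_frame_options": first("x-frame-options").upper() in ("DENY", "SAMEORIGIN"),
        "x_xss_protection": first("x-xss-protection").startswith("1"),
    }
```

CORS, SRI and the HTTP-to-HTTPS redirect from the same list need the page body or a live request, so they are outside what this header-only check covers.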
