Web Security Audit
Passively audits the security posture on current page
What is Web Security Audit?
Summary
The goal of this project is to build a browser add-on that passively audits the security posture of the websites the user is visiting. The tool is assumed to be used on non-malicious websites that are not currently under attack or compromised. The add-on reports security misconfigurations and failures to follow security best practices.
The add-on analyses commonly misconfigured server settings, such as missing security-relevant headers, including:
- strict-transport-security
- x-xss-protection
- content-security-policy
- x-frame-options
- x-content-type-options
It doesn't interfere with the functioning of the visited website.
It doesn't tamper with request parameters or issue requests that were not initiated by the user (it is not active scanning).
It incrementally generates a report in a separate window.
Each report entry has a numeric score that indicates its approximate severity, as a way to prioritise further investigation by a human analyst (see the [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System)).
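The header checks listed above, sketched as an added example (not the add-on's own code): a pure function that scores response headers the browser has already received, without issuing any request. The name `auditHeaders`, the finding fields and the 0-10 scores are assumptions for illustration; they are not CVSS values or the add-on's scoring.

```javascript
// Added example: passive audit of response headers already received by the browser.
// Scores are illustrative weights on a 0-10 scale, not computed CVSS values.
function auditHeaders(url, rawHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  const report = (header, score, issue) => findings.push({ url, header, score, issue });

  // HSTS is only honoured over HTTPS; max-age=0 tells the browser to drop the policy.
  if (new URL(url).protocol === "https:") {
    const hsts = h["strict-transport-security"];
    const maxAge = hsts && /max-age\s*=\s*"?(\d+)/i.exec(hsts);
    if (!hsts) report("strict-transport-security", 6.0, "missing");
    else if (!maxAge || Number(maxAge[1]) === 0) report("strict-transport-security", 5.0, "max-age absent or zero");
  }

  const csp = h["content-security-policy"];
  if (!csp) report("content-security-policy", 5.0, "missing");

  // CSP frame-ancestors addresses the same framing risk as X-Frame-Options.
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  const framingCoveredByCsp = /(^|;)\s*frame-ancestors\s/i.test(csp || "");
  if (!framingCoveredByCsp) {
    if (!xfo) report("x-frame-options", 4.0, "missing and no CSP frame-ancestors");
    else if (xfo !== "DENY" && xfo !== "SAMEORIGIN") report("x-frame-options", 3.0, "unrecognised value");
  }

  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") {
    report("x-content-type-options", 3.0, "missing or not 'nosniff'");
  }

  // Low weight: Chrome removed the XSS auditor this header controlled; Firefox never had one.
  if (!("x-xss-protection" in h)) report("x-xss-protection", 1.0, "missing");

  // Highest score first, so an analyst reads the most severe entries first.
  return findings.sort((a, b) => b.score - a.score);
}

// Constructed sample responses (not captured from any real site).
const weak = auditHeaders("https://example.test/", { "Content-Type": "text/html", "X-Frame-Options": "ALLOWALL" });
const hardened = auditHeaders("https://example.test/", {
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
  "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "0",
});
console.log(weak, hardened);
```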
Limitations
- Add-on only works on sites that allow content scripts.
Safety
Risk impact
Web Security Audit is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install Web Security Audit if you trust the publisher.
Risk likelihood
Web Security Audit has earned a fairly good reputation and likely can be trusted.