Web Security Audit

Passively audits the security posture of the current page

What is Web Security Audit?
Web Security Audit is a Firefox add-on that passively audits the security posture of non-malicious websites, identifying security misconfigurations and lack of best security practices. It analyzes server settings and generates a report to prioritize further investigation.
Stats
Users: 112 ▼ -4
Rating: 5.00 (5)
Version: 1.0 (Last updated: 2020-02-14)
Creation date: 2020-02-13
Weekly download count: 2
Firefox on Android: No
Risk impact: High risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • webRequest
  • *://*/
  • activeTab
Size: 25.34K
URLs: Website
Stats date:

Other platforms

Not available on Chrome
Not available on Edge
Summary

The goal of this project is to build a browser add-on that passively audits the security posture of the websites the user is visiting. The tool is assumed to be used on non-malicious websites that are not currently under attack or compromised. The add-on reports security misconfigurations and failures to use best security practices.

  • The add-on analyzes commonly vulnerable server settings: missing security-relevant headers, including:

    • strict-transport-security
    • x-xss-protection
    • content-security-policy
    • x-frame-options
    • x-content-type-options
  • It doesn't interfere with the functioning of the visited website.

  • It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).

  • It incrementally generates a report in a separate window.

  • Each report entry has a numeric score indicating its approximate severity, as a way to prioritise further investigation by a human analyst (see the [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System)).

Limitations

  • The add-on only works on sites that allow content scripts.
User reviews
would love to see on/off option. Great tool tho
by jj, 2024-04-10

Gan Jing World is a clean, curated universe and a dynamic, overlapping network of integrated platforms and services. ==> https://www.ganjing.com
by GanJingWorld, 2022-12-24
Safety
Risk impact

Web Security Audit is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this add-on. Review carefully before installing. We recommend that you only install Web Security Audit if you trust the publisher.

Risk likelihood

Web Security Audit has earned a fairly good reputation and likely can be trusted.
