Web Security Audit

Passively audits the security posture of the current page

Web Security Audit - Passively audit website security

Web Security Audit is a Firefox add-on that passively audits the security posture of non-malicious websites, identifying security misconfigurations and lack of best security practices. It analyzes server settings and generates a report to prioritize further investigation.

Add-on stats

Users: 88 (-5)
Rating: 5.00 (6)
Version: 1.0 (Last updated: 2020-02-14)
Creation date: 2020-02-13
Weekly download count: 6
Firefox on Android: No
Risk impact: High risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • webRequest
  • *://*/
  • activeTab
Size: 25.34K
URLs: Website

Other platforms

Not available on Chrome
Not available on Android
Not available on Edge

Add-on summary

The goal of this project is to build a browser add-on that passively audits the security posture of the websites the user visits. The tool is assumed to be used on non-malicious websites that are not currently under attack or compromised. The add-on reports security misconfigurations and failures to use best security practices.

  • The add-on analyzes commonly vulnerable server settings: lack of use of security-relevant headers, including:

    • strict-transport-security
    • x-xss-protection
    • content-security-policy
    • x-frame-options
    • x-content-type-options
  • It doesn't interfere with the functioning of the visited website.

  • It doesn't tamper with request parameters, or issue requests that were not initiated by the user (it is not active scanning).

  • It incrementally generates a report in a separate window.

  • Each report entry has a numeric score that indicates its approximate severity, as a way to prioritise further investigation by a human analyst (see the [Common Vulnerability Scoring System](https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System)).

Limitations

  • The add-on only works on sites that allow content scripts.

User reviews

by igorlogius, 2024-12-05

would love to see on/off option. Great tool tho
by jj, 2024-04-10

Add-on safety

Risk impact

Web Security Audit requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

Web Security Audit has earned a fairly good reputation and likely can be trusted.
