posted by cmn32480 on Monday August 29 2016, @05:03AM
from the will-it-be-bloated? dept.

Mozilla has released a free tool that allows website developers and administrators to determine if they are using all available security technologies at their full potential.

The tool, named "Observatory," was developed by Mozilla Information Security Engineer April King in an effort to help the organization test its own domains. Observatory has now been made available to everyone along with its source code.

Observatory performs nearly a dozen tests, including Content Security Policy (CSP), Contribute.json, cookies, cross-origin resource sharing (CORS), HTTP Public Key Pinning (HPKP), HTTP Strict Transport Security (HSTS), redirections, subresource integrity, and X-Content-Type-Options, X-Frame-Options and X-XSS-Protection headers.

[...] "Observatory is currently a very developer-focused tool, and its grading is set very aggressively to promote best practices in web security. So if your site fails Observatory's tests, don't panic — just take a look at its recommendations and consider implementing them to make your site more secure," King said.


  • (Score: 2, Interesting) by barrahome on Monday August 29 2016, @06:43AM

    by barrahome (3580) on Monday August 29 2016, @06:43AM (#394499)

    The tool is useless. They said I don't redirect to SSL and I DO IT, tested that over a million times, for sure they are expecting an HTML or JavaScript redirect. Too bad they don't know how to properly do tests.

  • (Score: 2) by arslan on Monday August 29 2016, @06:52AM

    by arslan (3462) on Monday August 29 2016, @06:52AM (#394504)

    Yea.. pretty lame. I ran it against SN and it says no cookie detected which is inaccurate. I can see the SN cookies when I check my browser.

    • (Score: 1) by barrahome on Monday August 29 2016, @06:59AM

      by barrahome (3580) on Monday August 29 2016, @06:59AM (#394505)

      Let's Boycott Mozilla Observatory, we can ask them to rename it to "Mozilla Unservatory" or something more compelling.

    • (Score: 0) by Anonymous Coward on Monday August 29 2016, @07:27AM

      by Anonymous Coward on Monday August 29 2016, @07:27AM (#394519)

      > Yea.. pretty lame. I ran it against SN and it says no cookie detected which is inaccurate. I can see the SN cookies when I check my browser.

      I don't get cookies. And I browse with Firefox's "cookies" window up in the corner of my monitor all the time so I am acutely aware of which sites hand out cookies and when.

      But I don't log in to soylent either.

      Sounds like yet another problem with the nut behind the wheel.

    • (Score: 3, Informative) by NCommander on Monday August 29 2016, @11:20AM

      by NCommander (2) on Monday August 29 2016, @11:20AM (#394599)

      SN only cookies if you log in.

      --
      Still always moving