The Complete Magazine on Open Source

Mozilla releases open source tool to test website security


Mozilla has released a new open source online tool to let operators quickly test the security of their websites. Called Observatory, the new product by the web browser maker uses a simple grading system to provide instant feedback on areas for improvement.

Originally developed for in-house testing, Mozilla’s Observatory has so far scanned over 1.3 million websites worldwide. The company claimed that 91 percent of the websites tested are yet to be upgraded with modern security advances.

“Observatory is a simple tool that allows site operators to quickly assess not just if they are using these technologies, but also helps them identify how well they’re being used,” Mozilla security engineer April King wrote in a blog post.

An upgrade over existing SSL test solution

King developed the Observatory as a tweaked version of SSL Server Test from Qualys’ SSL Labs. Similar to the original model, Mozilla’s offering uses scores from 0 to 100 and then translates them into grades from F to A+.

However, the major distinction between the SSL Server Test and Observatory is the range of security mechanisms scanned. While Qualys’ solution checks just the TLS implementation on the given website, Mozilla’s tool checks for mechanisms such as Content Security Policy, HTTP Public Key Pinning, HTTP Strict Transport Security, Cross-Origin Resource Sharing and X-Frame-Options among others. Additionally, the open source solution identifies how well these security technologies have been deployed.

“Each test you run with the Observatory not only tells you how well you’ve implemented a given standard, but it links back to Mozilla’s single-page web security guidelines, which have descriptions, reasonings, and implementation examples for every test,” King added.

You can check the security implementation on your site by visiting the Observatory page. If it reports problems, there is no need to be astounded: nine out of ten websites receive a failing grade, and even some of Mozilla’s own properties are on the list.
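To show what checking these mechanisms involves, here is an added example (not Observatory's code or its scoring) that audits a set of response headers for the five mechanisms named above. The function name, the finding strings, the six-month HSTS threshold and the sample headers are all assumptions made for the example.

```python
import re

# Assumption of this example: treat an HSTS lifetime under six months as weak.
MIN_HSTS_MAX_AGE = 15768000


def audit_headers(headers):
    """Return {mechanism: finding} for a dict of HTTP response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    report = {}

    # HTTP Strict Transport Security: needs a sufficiently long max-age.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        report["hsts"] = "missing"
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        age = int(m.group(1)) if m else 0
        report["hsts"] = "ok" if age >= MIN_HSTS_MAX_AGE else "weak: max-age too short"

    # Content Security Policy: present, and not undone by unsafe sources.
    csp = h.get("content-security-policy")
    if csp is None:
        report["csp"] = "missing"
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        report["csp"] = "weak: allows unsafe-inline/unsafe-eval"
    else:
        report["csp"] = "ok"

    # X-Frame-Options: only DENY and SAMEORIGIN restrict framing.
    xfo = h.get("x-frame-options", "").upper()
    if not xfo:
        report["x-frame-options"] = "missing"
    else:
        report["x-frame-options"] = (
            "ok" if xfo in ("DENY", "SAMEORIGIN") else "weak: unrecognised value")

    # CORS: a wildcard origin lets any site read the response, so flag it for review.
    acao = h.get("access-control-allow-origin")
    report["cors"] = ("not sent" if acao is None
                      else "review: wildcard origin" if acao == "*" else "ok")

    # HTTP Public Key Pinning is optional, so only record whether it is sent.
    report["hpkp"] = "present" if "public-key-pins" in h else "not sent"
    return report


# Constructed sample response headers, not taken from any real site.
SAMPLE = {"Strict-Transport-Security": "max-age=3600",
          "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
          "X-Frame-Options": "ALLOWALL", "Access-Control-Allow-Origin": "*"}
```

A header being present is not the same as it being effective: every header in the constructed sample is set, yet each is flagged.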

Code on GitHub

The source code of the Observatory tool is available on GitHub to let developers utilise the efforts made by King and the whole Mozilla team. Moreover, web administrators can get its API and command-line tools to integrate the solution with their projects.