Mozilla Observatory Is the Newest Free Site Security Testing Service

Mozilla engineer April Knights has released Observatory, a free web security testing utility, on GitHub. The tool has been under development for months; it was approved yesterday and published on the developer community web site for public use.

Mozilla Observatory Is a Useful Tool for Every Web Developer

Observatory is written in the Python programming language, and its aim is to help developers, administrators and security experts who want to implement good security measures on their web sites. The utility grades target sites and assigns a rating (a score from A to F) based on the security features they implement.

Right now the tool can scan a site and report a security grade based on the following checks:

  • Content Security Policy (CSP) Status
  • Cookies using the Secure flag
  • Cross-Origin Resource Sharing (CORS) status
  • HTTP Public Key Pinning (HPKP) status
  • HTTP Strict Transport Security (HSTS) status
  • Presence of automatic redirection from HTTP to HTTPS
  • Subresource Integrity (SRI) status
  • X-Content-Type-Options status
  • X-Frame-Options (XFO) status
  • X-XSS-Protection status
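
As an added illustration (not Observatory's code, tests or grading logic), the following Python example evaluates a constructed HTTPS response against five of the checks listed above. The function names, pass criteria and sample headers are assumptions made for this example.

```python
# Added example: simplified checks, not Observatory's own tests or scoring.

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:  # the first occurrence of a directive wins
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or 0."""
    for part in value.split(";"):
        name, _, seconds = part.strip().partition("=")
        seconds = seconds.strip().strip('"')
        if name.strip().lower() == "max-age" and seconds.isdigit():
            return int(seconds)
    return 0

def check_response(headers, set_cookies=()):
    """Evaluate one HTTPS response; returns {check name: passed}."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    script_src = csp.get("script-src", csp.get("default-src"))
    return {
        "csp": script_src is not None
               and "'unsafe-inline'" not in script_src and "*" not in script_src,
        "cookies_secure": all(
            "secure" in [a.strip().lower() for a in c.split(";")[1:]]
            for c in set_cookies),
        "hsts": hsts_max_age(h.get("strict-transport-security", "")) > 0,
        "x_content_type_options": h.get("x-content-type-options", "").lower() == "nosniff",
        "x_frame_options": h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
                           or "frame-ancestors" in csp,
    }

# Constructed sample responses (not scan results from any real site).
WEAK = ({"Content-Security-Policy": "default-src * 'unsafe-inline'",
         "X-Frame-Options": "ALLOWALL"}, ["sid=abc123; HttpOnly"])
HARDENED = ({"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
             "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
             "X-Content-Type-Options": "nosniff",
             "X-Frame-Options": "DENY"}, ["sid=abc123; Secure; HttpOnly"])

if __name__ == "__main__":
    for label, (hdrs, cookies) in (("weak", WEAK), ("hardened", HARDENED)):
        failed = [name for name, ok in check_response(hdrs, cookies).items() if not ok]
        print(label, "fails:", failed or "none")
```

The weak response fails all five checks; the hardened one passes them, including the case where CSP `frame-ancestors` stands in for X-Frame-Options.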

April Knight used Observatory to run automatic scans of over 1.3 million sites, and 91% of them failed the tests.

The utility is made up of three components: a scanner, a command-line interface, and a web interface.

It is available from its GitHub page for immediate download.


Author: Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

