Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Mozilla launched the Observatory tool to test the security of websites

The Security Engineer April King from Mozilla has released the Observatory Tool, a free tool for the security assessment of websites. Mozilla has launched the ‘Observatory,’ a tool developed by the Security Engineer April King that allows administrators and developer to test their websites. “Observatory is a simple tool that allows site operators to quickly […]

Mozilla launched the Observatory tool to test the security of websites

The Security Engineer April King from Mozilla has released the Observatory Tool, a free tool for the security assessment of websites.

Mozilla has launched the ‘Observatory,’ a tool developed by the Security Engineer April King that allows administrators and developer to test their websites.

“Observatory is a simple tool that allows site operators to quickly assess not just if they are using these technologies, but also helps them identify how well they’re being used. It uses a simple grading system to provide near instant feedback on site improvements as they are made. To assist developers and administrators, Observatory also provides links to quality documentation that demonstrates how these technologies work.” King wrote in a blog post.

“You may not have heard of many of them, and that’s because their documentation is spread across thousands of articles, hundreds of websites, and dozens of specifications,”

Mozilla has also published the source code of the  Observatory tool on GitHub.

The tool performs the following tests on websites:

Test

Content Security Policy
Cookies
Cross-origin Resource Sharing
HTTP Public Key Pinning
HTTP Strict Transport Security
Redirection
Subresource Integrity
X-Content-Type-Options

X-Frame-Options

X-XSS-Protection

Once assessed a website the Observatory tool calculates a score based on the level of implementation of the tested standards, it also provides recommendations to improve the overall security of the websites.

observatory tool addons-mozilla

Mozilla has tested the Observatory assessing more than 1.3 million websites, and 91% of them failed the tests as reported in the following table.

Overall Results
Passing 121,984
Failing 1,212,826
Total Scans 1,334,810

“When nine out of 10 websites receive a failing grade, it’s clear that this is a problem for everyone.” said King.

“Observatory is currently a very developer-focused tool, and its grading is set very aggressively to promote best practices in web security. So if your site fails Observatory’s tests, don’t panic — just take a look at its recommendations and consider implementing them to make your site more secure,” King added.

Only 30 percent of websites use the HTTPS protocol and less than 7 percent rely on the other security measures tested by the tool.

King closes his blog post explaining that the results obtained from the Observatory tool might not be accurate for all websites because each site could have specific security needs.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Mozilla, Observatory Tool)