To help webmasters better secure and protect their users and websites, Mozilla has built an online scanner that can check if web servers have the best security configurations in place or not.
Dubbed “Observatory” tool was in the beginning built for in-house use by Mozilla security manufacture April King, who was then encouraged to increase it and make it available to the world.
The lady took inspiration from the SSL Server Test from Qualys’ SSL Labs, a widely appreciated scanner which give rates or grade to a website’s SSL/TLS configuration and potential weaknesses highlights. Like Qualys’ scanning device, Observatory uses a rating system from 0 to 100, with the opportunity to more bonus points, which convert into fix range of grades from F to A+.
The tool doesn’t only check for the occurrence of these technologies, but also whether they’re implemented properly. The actual tool doesn’t do scan for vulnerability in the website code, tools checks only that vulnerabilities which exist on free and commercial tools.
In some aspects, reaching a secure site configuration, and it use all the available technologies which developed in recent years.
A few of Mozilla’s own websites were among those that failed test or quality. For example, when it was first read with Observatory, addons.mozilla.org, most important websites, received an F for fail. The issues have since recently been fixed and the website is now rated A+.
The Observatory test answers are presented in an user friendly manner with links back again to Mozilla’s web security guidelines, that have descriptions and implementation different type of examples. It’s allows website admin to more easily understand the issues detected during the check out also to prioritize them.
Observatory code is absolutely free. A great API and command-line tools are available for managers who require to check out a huge number of websites periodically or who want to perform those tests internally.