Mozilla launched the Observatory tool to test the security of websites

The Security Engineer April King from Mozilla has released the Observatory Tool, a free tool for the security assessment of websites.

Mozilla has launched the ‘Observatory,’ a tool developed by the Security Engineer April King that allows administrators and developer to test their websites.

“Observatory is a simple tool that allows site operators to quickly assess not just if they are using these technologies, but also helps them identify how well they’re being used. It uses a simple grading system to provide near instant feedback on site improvements as they are made. To assist developers and administrators, Observatory also provides links to quality documentation that demonstrates how these technologies work.” King wrote in a blog post.

“You may not have heard of many of them, and that’s because their documentation is spread across thousands of articles, hundreds of websites, and dozens of specifications,”

Mozilla has also published the source code of the Observatory tool on GitHub.

The tool performs the following tests on websites:

Test
Content Security Policy
Cookies
Cross-origin Resource Sharing
HTTP Public Key Pinning
HTTP Strict Transport Security
Redirection
Subresource Integrity
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection

Once assessed a website the Observatory tool calculates a score based on the level of implementation of the tested standards, it also provides recommendations to improve the overall security of the websites.

Mozilla has tested the Observatory assessing more than 1.3 million websites, and 91% of them failed the tests as reported in the following table.

Overall Results
Passing	121,984
Failing	1,212,826
Total Scans	1,334,810

“When nine out of 10 websites receive a failing grade, it’s clear that this is a problem for everyone.” said King.

“Observatory is currently a very developer-focused tool, and its grading is set very aggressively to promote best practices in web security. So if your site fails Observatory’s tests, don’t panic — just take a look at its recommendations and consider implementing them to make your site more secure,” King added.

Only 30 percent of websites use the HTTPS protocol and less than 7 percent rely on the other security measures tested by the tool.

King closes his blog post explaining that the results obtained from the Observatory tool might not be accurate for all websites because each site could have specific security needs.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Mozilla, Observatory Tool)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.