Mozilla has built a free online scanner that can check whether your web servers have the right level of security in place.
Why Build It?
Here in the UK we know only too well about the dangers we face from cyber crime. According to Symantec’s figures the UK is now the most targeted nation in the world for spear phishing attacks and social media scams, and ranks second only to Germany for ransomware attacks.
Akamai figures show also that there was a huge increase in the first quarter of 2016 in distributed denial-of-service (DDoS) attacks. These attacks frequently overwhelm web servers and consequently bring down business websites.
With these kinds of threats in mind Mozilla built a scanning tool called Observatory for in-house use to help with its own security. The tool was built by Mozilla security engineer April King and the company has now decided put the scanning tool online as a free resource for developers, system administrators, and security professionals to help configure their sites safely and securely.
How Can You Use It?
To use the tool go to https://observatory.mozilla.org/ and type in the domain name of the website you would like to scan. The scanner gives your website a score from 0 to 130 depending of how well defensive security technologies have been configured and implemented on the web server. Some aspects of your security are awarded +5 or +10 points for going above and beyond the call of duty in defending your website.
The results of the Observatory test are presented in a user-friendly way and they link back to Mozilla's web security guidelines. These have descriptions and implementation examples thus allowing website administrators to more easily understand the issues detected during the scan, and to be able to prioritize them.
What Sort of Things Does It Check For?
Mozilla says that Observatory checks for the presence of preventative measures against cross-site scripting attacks, man-in-the-middle attacks, cross-domain information leakage, cookie compromise, content delivery network compromise, and improperly issued certificates.
What Doesn’t It Check For?
Observatory does not scan for any vulnerability in the website code as there are already a large number of free tools available for that purpose.
What Does This Mean For Your Business?
Your business website administrator now has an extra free tool available to them which can help in the fight against cyber crime. This tool can not only offer real world defence tips and highlight potentially costly vulnerabilities, but it can also help developers and operators to become more familiar with the kinds of defensive security standards that are necessary today.