contadores de paginas web Saltar al contenido

Observatory by Mozilla a tool that helps you improve the security of your website

observatory by mozilla resultado

Observatory by Mozilla is an online scanner created to help developers and webmasters create safer sites. Simply by entering the address of a website you will start to perform different tests, also showing the results of other recognized tools that analyze SSL certificates and HTTP headers.

Something very good is that it marks very clearly the errors that it detects and points that could be improved. For each of them it also includes a link to the Mozilla wiki where you can find more details and tips.

The following is an example result for a Bank that operates in my country:

The result as you can see is not very good, obtaining one of the lowest qualifications and failing in points that could be considered as Critics for the website of a financial institution. For other banks the situation was similar: Yes

For example, they do not implement an HSTS (HTTP Strict Transport Security) or HPKP (HTTP Public Key Pinning) policy, although the site encrypts communications between its servers and users' browsers through HTTPs, by not implementing these policies that enhance security an attacker could easily man-in-the-middle and impersonate the SSL certificate leaving HTTPs unusable.

In other words, in a shared Wi-Fi such as that of a hotel, airport or café, you can be intercepted by network traffic to set up a false website (phishing) under the same domain of the bank, falsifying the green pad of the HTTPs without you realizing it. .

They can also do it in your own house if you do not have secure Wi-Fi, for those interested in the subject, I recommend reading this article written by @pablogonzalezpe on Chema's blog.

Observatory by Mozilla also displays results from https://www.ssllabs.com/ssltest/, https://www.htbridge.com/ssl/ and https://tls.imirhil.fr that analyze TLS / SSL certificates. Also from https://securityheaders.io, an excellent tool that analyzes the responses of the HTTP headers and https://hstspreload.appspot.com that allows you to be part of the HSTS preloading or preloading list of the main web browsers.