In this post I want to discuss how to do a security audit with Mozilla Observatory, a free, open-source development tool. What is a security audit, and what kind of tool is Mozilla Observatory? Let's discuss them one by one.
Quoted from Wikipedia.org: “An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities and related documents.”
Security audits are now an important part of the IT industry. As the industry grows, so does its exposure to threats from unwanted parties, so audits are needed to keep every aspect of IT secure. There are many tools we can use to perform one, ranging from paid to free.
What I will discuss this time is a tool from Mozilla that we can use for free to audit the applications we run: Mozilla Observatory. It audits a site from the outside, by requesting it and inspecting the HTTP responses for security headers such as Content Security Policy, Strict Transport Security and cookie flags. It does not test application logic or look for bugs in your code, so treat its grade as one part of an audit rather than the whole thing.
Performing an audit with this tool is fairly easy: open the Mozilla Observatory site, enter the URL of the site you want to scan, and the tool runs the scan automatically. Here is the complete procedure:
- Visit the Mozilla Observatory site.
- Enter the URL of the site you want to audit and click Scan Me. Wait a few moments for the scan to finish.
- Once the scan finishes, a letter grade (A+ down to F) appears for the scanned site, followed by the individual security checks, both the ones that passed and the ones the tool recommends we fix. Below is a sample scan from one of the sites I manage; this is the initial scan, before the repairs I made.
- The important part of the report is the Test Scores section, which shows how much of the recommended security configuration the site already has in place. The Recommendation section then lists the changes that would raise the site's grade. If you apply a fix and want to check it, click Initiate Rescan: the tool scans the site again and the result reflects the changes you made. Here is an example of my site after the repairs, followed by an Initiate Rescan.
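The checks Observatory performs can also be run locally, which is useful for comparing a development server against production before the public rescan. The script below is an added example, not code from the original post and not Observatory's own code: it applies a subset of the Observatory checks (CSP present, HSTS with a max-age of at least six months, nosniff, clickjacking protection, a safe Referrer-Policy, Secure and HttpOnly cookies) to a list of response headers. The two header sets are constructed to resemble a "before" and "after" scan; the `fetch_headers` helper works against a live URL but is not needed for the samples.

```python
"""Offline check of the HTTP response headers that Mozilla Observatory grades.

Added example: not part of the original post and not Observatory's own code.
The two header sets are constructed to resemble the 'before' and 'after'
scans described above. Thresholds follow Observatory's published criteria
(for example an HSTS max-age of at least six months).
"""
import sys
import urllib.request
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]  # (name, value) pairs, as a server returns them

SIX_MONTHS = 15768000  # seconds; Observatory's minimum HSTS max-age for full marks
SAFE_REFERRER_POLICIES = {
    "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin",
}

# Constructed sample: a typical untouched site (roughly what a first scan sees).
BEFORE: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Server", "nginx"),
    ("Set-Cookie", "session=abc123; Path=/"),
]

# Constructed sample: the same site after applying the usual recommendations.
AFTER: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def index_headers(headers: Headers) -> Dict[str, List[str]]:
    """Group values by lower-cased name; Set-Cookie may legitimately repeat."""
    idx: Dict[str, List[str]] = {}
    for name, value in headers:
        idx.setdefault(name.lower(), []).append(value)
    return idx


def hsts_max_age(value: str) -> int:
    """Return max-age from a Strict-Transport-Security value, or 0 if absent."""
    for part in value.split(";"):
        name, _, num = part.strip().partition("=")
        if name.strip().lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return 0


def audit_headers(headers: Headers) -> List[str]:
    """Return one finding per failed check; an empty list means all checks passed."""
    h = index_headers(headers)
    findings: List[str] = []

    def first(name: str) -> str:
        return h.get(name, [""])[0]

    csp = first("content-security-policy")
    if not csp:
        findings.append("Content-Security-Policy header missing")

    hsts = first("strict-transport-security")
    if not hsts:
        findings.append("Strict-Transport-Security header missing")
    elif hsts_max_age(hsts) < SIX_MONTHS:
        findings.append("Strict-Transport-Security max-age is below six months")

    if first("x-content-type-options").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    # Either header stops the site being framed; CSP frame-ancestors is the modern one.
    xfo = first("x-frame-options").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    if first("referrer-policy").strip().lower() not in SAFE_REFERRER_POLICIES:
        findings.append("Referrer-Policy missing or too permissive")

    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} is missing the Secure flag")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} is missing the HttpOnly flag")
    return findings


def fetch_headers(url: str) -> Headers:
    """Fetch a live site's response headers (needs network; not used by the samples)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return list(resp.getheaders())


if __name__ == "__main__":
    samples = {"before": BEFORE, "after": AFTER}
    if len(sys.argv) > 1:  # python audit_headers.py https://example.org
        samples = {sys.argv[1]: fetch_headers(sys.argv[1])}
    for label, hdrs in samples.items():
        issues = audit_headers(hdrs)
        print(f"{label}: {len(issues)} finding(s)")
        for issue in issues:
            print("  -", issue)
```

Run it with no arguments to see the constructed "before" set fail seven checks and the "after" set pass all of them, or pass a URL to check a real site. It reports findings rather than a letter grade, because Observatory's grade depends on its full scoring table; the point is that every item it lists maps to one response header you can set on your own server.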
For the repairs I did, I followed what the tool recommended. If you want to do the same, try the changes first in a development environment, because some of them can affect the application itself. The most consequential is the Content Security Policy: a policy that is set incorrectly will block resources the application needs and break it. So work out which of the recommended points you can actually apply before you fix anything in production.
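The safe way to try a CSP in development is to ship it as `Content-Security-Policy-Report-Only` first, so the browser reports what it would have blocked without blocking anything, then review the reports before switching to the enforcing header. The script below is an added example, not code from the original post or from Mozilla Observatory: it parses a policy, flags the source expressions that make it weak, builds the Report-Only header for a trial run, and tallies the violation reports a browser POSTs back. The two policies, the `/csp-report` endpoint and the report bodies are all constructed for the example.

```python
"""Vet a Content-Security-Policy before enforcing it.

Added example: not code from the original post or from Mozilla Observatory.
It parses a CSP value, flags sources that weaken it, builds the Report-Only
header for a trial run in development, and tallies the violation reports the
browser sends back. The policies, the report endpoint (/csp-report) and the
report bodies are all constructed for the example.
"""
import json
from typing import Dict, List

# Source expressions that leave a directive close to useless wherever they appear.
RISKY_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:"}
# data: is harmless for images but lets script be smuggled into these directives.
DATA_SENSITIVE = {"default-src", "script-src", "object-src"}

# Constructed policies: the loose one is where many sites start.
LOOSE = "default-src * 'unsafe-inline' 'unsafe-eval'"
STRICT = ("default-src 'self'; script-src 'self' https://cdn.example.com; "
          "object-src 'none'; frame-ancestors 'none'")


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split "name src src; name src" into {name: [src, ...]} with names lower-cased."""
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def serialize_csp(directives: Dict[str, List[str]]) -> str:
    """Inverse of parse_csp, in insertion order."""
    return "; ".join(" ".join([name, *values]) for name, values in directives.items())


def csp_warnings(policy: str) -> List[str]:
    """Things to fix before the policy goes from Report-Only to enforced."""
    d = parse_csp(policy)
    warnings: List[str] = []
    if "default-src" not in d:
        warnings.append("no default-src fallback; unlisted resource types are unrestricted")
    for name, values in d.items():
        for v in values:
            if v in RISKY_SOURCES or (v == "data:" and name in DATA_SENSITIVE):
                warnings.append(f"{name} allows {v}")
    if "frame-ancestors" not in d:
        warnings.append("frame-ancestors not set; framing is not restricted by this policy")
    if "object-src" not in d and "'none'" not in d.get("default-src", []):
        warnings.append("object-src not set; plugins fall back to default-src")
    return warnings


def report_only_headers(policy: str, report_uri: str) -> Dict[str, str]:
    """Header for the trial run: violations are reported, nothing is blocked yet."""
    d = parse_csp(policy)
    d["report-uri"] = [report_uri]
    return {"Content-Security-Policy-Report-Only": serialize_csp(d)}


def violation_summary(report_bodies: List[str]) -> Dict[str, int]:
    """Count 'directive <- blocked-uri' pairs from application/csp-report POST bodies."""
    counts: Dict[str, int] = {}
    for body in report_bodies:
        r = json.loads(body)["csp-report"]
        directive = r.get("effective-directive") or r.get("violated-directive")
        key = f"{directive} <- {r.get('blocked-uri')}"
        counts[key] = counts.get(key, 0) + 1
    return counts


def _report(blocked_uri: str) -> str:
    """Build a constructed report body shaped like what a browser POSTs to report-uri."""
    return json.dumps({"csp-report": {
        "document-uri": "https://example.com/",
        "effective-directive": "script-src",
        "violated-directive": "script-src",
        "blocked-uri": blocked_uri,
        "original-policy": STRICT,
    }})


# Constructed: two inline-script hits and one third-party script the policy omits.
SAMPLE_REPORTS = [_report("inline"), _report("inline"), _report("https://tracker.example.net")]


if __name__ == "__main__":
    for label, policy in (("loose", LOOSE), ("strict", STRICT)):
        print(f"{label}: {csp_warnings(policy) or 'no warnings'}")
    print(report_only_headers(STRICT, "/csp-report"))
    for key, n in violation_summary(SAMPLE_REPORTS).items():
        print(f"{n:3d}  {key}")
```

The summary is what you read before enforcing: two "script-src <- inline" hits mean the page still has inline scripts that need a nonce, a hash, or moving to a file, and the tracker entry means either adding that host to `script-src` or removing the script. Only when the report volume for real traffic drops to what you expect should the same value move to the `Content-Security-Policy` header. `report-uri` is the older reporting directive and is still accepted by current browsers; `report-to` is its successor and can be sent alongside it.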
Next time, maybe I'll write a post about the fixes that can be applied to improve an application's security. For now my focus is only on how to use Mozilla Observatory to audit the applications we have. Thank you for reading this article 😀