Comprehensive Security Testing
Mozilla Observatory performs a wide range of security tests to assess the robustness of a web application's security configuration, providing an overall security score.
Free to Use
Mozilla Observatory is available to everyone at no cost, making it an accessible tool for developers and administrators looking to improve their website's security posture.
Open-Source
Being open-source, Mozilla Observatory allows users to understand its inner workings, contribute to its development, and ensure transparency in its security assessment methods.
Educational Benefits
The tool provides detailed explanations and resources for each test performed, helping users understand potential security issues and how to mitigate them effectively.
Integration with Other Tools
Mozilla Observatory can be integrated with other automated tools and scripts like SSL Labs and Security Headers, offering a more comprehensive analysis of a website’s security.
Here are a few tools you can use: https://www.zaproxy.org/ (Web app scanner) https://www.ssllabs.com/ssltest/analyze.html?d=importer.bilendo.de (SSL server test) https://github.com/santoru/shcheck (Security Header Check) https://observatory.mozilla.org/ (Content Security Policy validator). - Source: dev.to / 3 months ago
Regular Audits: Use tools like Mozilla Observatory or Security Headers to regularly check your headers. - Source: dev.to / 3 months ago
What's better about this vs. Mozilla Observatory. https://developer.mozilla.org/en-US/observatory (formerly https://observatory.mozilla.org/) Or Security Headers? https://securityheaders.com/ Or VENOM? https://github.com/oshp/oshp-validator Applaud the effort, these are things that more devs should be aware of when building websites... Hey some specific feedback... - Source: Hacker News / 4 months ago
Mozilla Observatory — Find and fix security vulnerabilities in your site. - Source: dev.to / 10 months ago
Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! will identify which ports you have open. Source: about 1 year ago
Scan our site with Mozilla Observatory and improve our grade by registering a domain name, enabling HTTPS, adding a certificate and setting security headers. - Source: dev.to / almost 2 years ago
First, for session persistence, go with the default Django session with cookie storage. Set your cookie to HTTP only and ensure your application uses the most common HTTP security headers and controls. Test your application with https://observatory.mozilla.org/ to have an idea of what you're missing. Source: almost 2 years ago
Rank your site on https://observatory.mozilla.org/ and it will give you some suggestions. Source: about 2 years ago
We checked the page works at the end of a previous section. You might also want to check the HTTP security headers. Both SecurityHeaders.com and Mozilla Observatory are good for this. You might not be able to get an A+ on both because SvelteKit does not add style CSP hashes (at the time of writing). Instead we used the style-src: unsafe-inline directive. CSS hashes are important, though; maliciously injected... - Source: dev.to / about 2 years ago
Mozilla Observatory — Find and fix security vulnerabilities in your site. - Source: dev.to / about 2 years ago
And observatory.mozilla.org for everything related to security measures .. I used audit results from both to work myself through this topic. Source: about 2 years ago
Thanks, I got started last year with checking Mozilla's observatory on how my sites were doing. And down the rabbit hole I went. Source: over 2 years ago
Basically, if your website scores less than A on https://observatory.mozilla.org, you are doing it wrong. Source: over 2 years ago
I finally got around to testing my servers' SSL configs using https://observatory.mozilla.org/ and that led me to wonder whether there are other checkers I should be running and also if there are checkers for other services/protocols. For SSL, I am also aware of https://www.ssllabs.com/ssltest/index.html but its information is less user friendly. It also occurred to me that listing this type of stuff in the... Source: almost 3 years ago
Honestly it makes no sense to me. I go on a different device to http://xxxx.xxxx.com and it redirects me to https://xxxx.xxxx.com. I have yet to find a way to force it to a http site to replicate the error from the Mozilla security tool (https://observatory.mozilla.org/). Source: almost 3 years ago
There are many notable open-source projects (SSLyze, CipherScan, testssl.sh, tls-scan, …) and several SaaS solutions (CryptCheck, CypherCraft, Hardenize, ImmuniWeb, Mozilla Observatory, SSL Labs, …) to do a security setting analysis, especially when we are talking about TLS, which is the most common and popular cryptographic protocol. However, most of these tools heavily depend on one or more versions of one or... - Source: dev.to / over 4 years ago
There, now you and your users are safer. Go ahead to observatory.mozilla.org and test your plex.domain and see how it does. Source: almost 3 years ago
Also, if you're going to go the path of reverse-proxy for outside access I definitely recommend getting your SSL setup as strong as possible. Mozilla has a really handy SSL config generator service for helping with basic setup, and another service called Observatory for testing your SSL security once up and running. And there's also another really good SSL sec test service by SSL Labs. It's good to test with more... Source: about 3 years ago
This is a good guide to start, and has advanced options near the bottom such as Modsecurity: https://geekflare.com/apache-web-server-hardening-security/ This is good for advanced hardening if you want to go far with HTTP headers and browser-site behavior: https://observatory.mozilla.org/ This is an amazing tool for testing SSL suites and for SSL vulnerabilities: https://www.ssllabs.com/ssltest/. Source: about 3 years ago
That's it for today, folks. In the meantime, there are plenty of other ways (not listed above) to secure your Apache web server and Django Web Application, as well. Continue researching and keeping yourself updated about new directives and modules to secure your server further and keep on cross-checking your website against the Mozilla Observatory scan. - Source: dev.to / about 3 years ago
And then, today, I decided to see what https://observatory.mozilla.org had to say and, well, I got an F on some of my subdomains. Source: over 3 years ago