Current time: 10-24-2019, 04:28 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Useful Security Information in API Response
09-16-2015, 12:34 AM
Post: #1
Useful Security Information in API Response
Hi Guys,

Background: I use WPT to build performance reports for client websites, a request has come in to show some baseline security info too.

I was wondering if there are any suggestions for gathering security information from WPT API responses, I know there are some datapoints regarding certs etc, but is there anything else that could be used as a basic security profile for the site bing tested.

I know WPT test is a performance tool, and I am looking into some security testing scripts as well for this job, just checking if anyone had some advice as I would like to leverage anything I could from WPT.

thanks.
Find all posts by this user
Quote this message in a reply
09-16-2015, 04:28 AM
Post: #2
RE: Useful Security Information in API Response
Your best bet is to augment the WebPageTest data with calls to ssl lab's API: https://www.ssllabs.com/projects/ssllabs-apis/

At some point it would be nice to integrate directly in WPT but that's the best bet for getting some baseline security data (make sure to do it for all of the unique domains).

That aslo only covers the TLS part of "security". Security is a pretty open description that includes SQL injection, XSS, etc.
Visit this user's website Find all posts by this user
Quote this message in a reply
10-07-2015, 07:04 AM
Post: #3
RE: Useful Security Information in API Response
Thanks,

I will take a look - sorry for delayed response.
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)