WebPagetest Forums
Useful Security Information in API Response - Printable Version

+- WebPagetest Forums (https://www.webpagetest.org/forums)
+-- Forum: WebPagetest (/forumdisplay.php?fid=7)
+--- Forum: General Discussion (/forumdisplay.php?fid=25)
+--- Thread: Useful Security Information in API Response (/showthread.php?tid=13930)



Useful Security Information in API Response - pthompso - 09-16-2015 12:34 AM

Hi Guys,

Background: I use WPT to build performance reports for client websites, a request has come in to show some baseline security info too.

I was wondering if there are any suggestions for gathering security information from WPT API responses, I know there are some datapoints regarding certs etc, but is there anything else that could be used as a basic security profile for the site bing tested.

I know WPT test is a performance tool, and I am looking into some security testing scripts as well for this job, just checking if anyone had some advice as I would like to leverage anything I could from WPT.

thanks.


RE: Useful Security Information in API Response - pmeenan - 09-16-2015 04:28 AM

Your best bet is to augment the WebPageTest data with calls to ssl lab's API: https://www.ssllabs.com/projects/ssllabs-apis/

At some point it would be nice to integrate directly in WPT but that's the best bet for getting some baseline security data (make sure to do it for all of the unique domains).

That aslo only covers the TLS part of "security". Security is a pretty open description that includes SQL injection, XSS, etc.


RE: Useful Security Information in API Response - pthompso - 10-07-2015 07:04 AM

Thanks,

I will take a look - sorry for delayed response.