SecureHeaders

OWASP SecureHeaders Project

SecureHeaders project consist in two main modules:

1. an engine to scan a list of sites fastly and with minimal resources;
2. a web interface with a dashboard to view, search and customize besides provide insight and feedback about the use of HTTP secure headers.

HTTP secure headers are resources known to some and despised by others. However it's a fact that the versatility and security provided by feature can help make web applications more secure.

Architecture

Web Interface

The SecureHeaers webui provide an easyly way to see and search all data gathering with scanner module. For now it's possible to see a dashboard with main HTTP secure headers documented OWASP web page and also provide a way to search secure headers set in each page analyzed as your adoption by other users.

Dependencies

• docker engine
• docker-compose

Installation

docker-compose up -d

Scanner

The scanner module it's responsible to catch all secure headers data from csv list.

notice: the module work, however it is under rebuild process to make it more effective, robust and much better.

Dependencies

Check requirements-txt.

Installation

pip install -r requirements-txt

More

See the wiki page to see more about how to use, contribute and much more.