OWASP SecureHeaders Project
SecureHeaders project consist in two main modules:
- an engine to scan a list of sites fastly and with minimal resources;
- a web interface with a dashboard to view, search and customize besides provide insight and feedback about the use of HTTP secure headers.
HTTP secure headers are resources known to some and despised by others. However it's a fact that the versatility and security provided by feature can help make web applications more secure.
The SecureHeaers webui provide an easyly way to see and search all data gathering with scanner module. For now it's possible to see a dashboard with main HTTP secure headers documented OWASP web page and also provide a way to search secure headers set in each page analyzed as your adoption by other users.
- docker engine
- docker-compose
docker-compose up -d
The scanner module it's responsible to catch all secure headers data from csv list.
notice: the module work, however it is under rebuild process to make it more effective, robust and much better.
Check requirements-txt.
pip install -r requirements-txt
See the wiki page to see more about how to use, contribute and much more.