W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

[sritest.io] New Website SRI Scanner Service

From: Gabor Szathmari <gszathmari@gmail.com>
Date: Wed, 13 Jan 2016 04:14:37 +0000
Message-Id: <13875064-EC6F-4B65-A98A-3628504D0A37@gmail.com>
To: public-webappsec@w3.org
Hi everyone,

I think SRI is a great concept, but there are a lot of things to do with regards to the supporting tools.

To boost the widespread implementation of SRI, I have developed a new service that allows anyone to scan and evaluate their websites for SRI hash usage. The service is similar to Qualys’s SSL Server Test, where anyone can submit URLs to be scanned for SSL implementation. 

The service generates a simple report, which features a ‘grade’ (A to F) based on the number of protected / unprotected assets. The generated reports are actionable, as they also list which JS/CSS assets should be protected by SRI hashes. The target audience of the service is non-tech savvy website owners as well as skilled frontend developers. 

Please give the new service a spin on https://sritest.io <https://sritest.io/> and let me know your thoughts. It is still in beta and under heavy development, so any feedback is very appreciated from you.

Regards,
Gabor Szathmari
gszathmari@gmail.com
Received on Wednesday, 13 January 2016 08:14:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC