http-observatory VS hub-feedback

Here are a few tools you can use: https://www.zaproxy.org/ (Web app scanner) https://www.ssllabs.com/ssltest/analyze.html?d=importer.bilendo.de (SSL server test) https://github.com/santoru/shcheck (Security Header Check) https://observatory.mozilla.org/ (Content Security Policy validator)

Regular Audits: Use tools like Mozilla Observatory or Security Headers to regularly check your headers.

What's better about this vs. Mozilla Observatory.

https://developer.mozilla.org/en-US/observatory (formerly https://observatory.mozilla.org/)

Or Security Headers?

https://securityheaders.com/

Or VENOM?

https://github.com/oshp/oshp-validator

Applaud the effort, these are things that more devs should be aware of when building websites...

Hey some specific feedback on this tool... On mobile, it has a lot of "view port wobble" and the input fields aren't keyed right, it's just using a straight text input field so you don't get any ".com" buttons as you type. Small UX stuff like that annoy me more than if a page has a privacy policy setup correctly. (=

Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! will identify which ports you have open.

Website Headers Analyzer (Mozilla)

scan our site with Mozilla Observatory and improve our grade by registering a domain name, enabling HTTPS, adding a certificate and setting security headers

First, for session persistence, go with the default Django session with cookie storage. Set your cookie to HTTP only and ensure your application uses the most common HTTP security headers and controls. Test your application with https://observatory.mozilla.org/ to have an idea of what you're missing.

Mozilla Observatory

Note: You'll need an account on Dockerhub

Download the hello-world container from Docker Hub

Step 6: Set Up DockerHub Go to https://hub.docker.com and create an account if you don’t have one.

Docker Hub allows to host only one private repository for docker images for free which means that if I have multiple projects I need to buy premium plan on Docker Hub. But if use docker image tag as not version but as service name like I did: weaxme/pet-project:ai-business-founder-latest, Docker Hum allows to host infinity number of pet projects on the free plan. Because image tag is a service name and version instead of docker registry policy to keep service name before image tag. ## Key Learnings

Pull Required Docker Images Before running containers, Docker must download the necessary images from Docker Hub. Example: I used the following commands to pull the images I needed manually docker pull mongo docker pull mongo-express Docker will also pull these images automatically the first time you run the containers, but it's good practice to be explicit when setting things up. Visit - https://hub.docker.com/

1) Create the account on https://hub.docker.com/ so you can trace your docker container/images.

Compatibility with standard tools: Functions with OCI-compliant registries such as Docker Hub and integrates with widely-used tools including Hugging Face, ZenML, and Git.

fserver@localhost:~$ docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world e6590344b1a5: Pull complete Digest: sha256:c41088499908a59aae84b0a49c70e86f4731e588a737f1637e73c8c09d995654 Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/

Create Docker Hub account: https://hub.docker.com

Go to https://hub.docker.com/ and you’ll see your freshly pushed image under Repositories!