Useful Security Information in API Response

pthompso · September 15, 2015, 2:34pm

Hi Guys,

Background: I use WPT to build performance reports for client websites, a request has come in to show some baseline security info too.

I was wondering if there are any suggestions for gathering security information from WPT API responses, I know there are some datapoints regarding certs etc, but is there anything else that could be used as a basic security profile for the site bing tested.

I know WPT test is a performance tool, and I am looking into some security testing scripts as well for this job, just checking if anyone had some advice as I would like to leverage anything I could from WPT.

thanks.

pmeenan · September 15, 2015, 6:28pm

Your best bet is to augment the WebPageTest data with calls to ssl lab’s API: Qualys SSL Labs - Projects / SSL Labs APIs

At some point it would be nice to integrate directly in WPT but that’s the best bet for getting some baseline security data (make sure to do it for all of the unique domains).

That aslo only covers the TLS part of “security”. Security is a pretty open description that includes SQL injection, XSS, etc.

pthompso · October 6, 2015, 9:04pm

Thanks,

I will take a look - sorry for delayed response.

Topic		Replies	Views
Unexpected HTTP Calls \| MS Edge Test Results Support	0	868	April 12, 2023
Website checking my browser Discuss Test Results	0	161	March 29, 2019
Page Speed Score Support	1	120	March 15, 2011
WebPageTest API Wrapper for NodeJS Announcements	0	311	November 27, 2012
strange gap results Support	8	181	February 16, 2016

Useful Security Information in API Response

Related topics