Hi! I made this project over the course of a week to help teach myself more about Django and web app development. I am studying computer security in school and web security is one of my passions. It is a tool that helps web developers ensure that they have implemented helpful security mechanisms like HTTPOnly flags, X-Frame-Options, etc.
There are hundreds of tools that offer to scan websites for things like cross-site scripting, mySQL injection, etc. This tool simply looks for information that is available via one or two GET requests (the headers, protocols, body, etc.). It does NOT attempt to fuzz or otherwise target the site (test parameters or try XSS payloads). I did this because I wanted to lower the barrier of entry.
Other tools require you to upload a file to your site, add some code or prove ownership. Since this site isn't exploiting anything, none of that is necessary. It's super simple to use and is aimed towards non-security people who still want to develop secure web applications.
This is a quick project! There are probably a lot of errors or things that behave weirdly (I once got a score of 110% but couldn't replicate it). If you want to check out the code, here it is, free and open-source: https://github.com/matthewdfuller/Web-Security-GUI
Feel free to leave feedback! I'm not looking to make any money (just learn!), so this is free and there are no ads.
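
A sketch of the kind of passive check the post describes, as an added example that is not the project's own code: it inspects the headers of one already-fetched response for X-Frame-Options and per-cookie HttpOnly, and returns a percentage score. The names `audit` and `cookie_attrs`, the scoring rule and the sample headers are assumptions made for illustration.

```python
# Added example: checks only what a single already-fetched response exposes.
VALID_XFO = {"DENY", "SAMEORIGIN"}


def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    # Only text after the first ';' counts as attributes, so a cookie whose
    # *value* happens to be "HttpOnly" is not mistaken for a flagged cookie.
    return name, {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}


def audit(headers):
    """headers: list of (name, value) pairs; Set-Cookie may appear several times."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value.strip())

    results = []  # (expectation, met?)
    xfo = by_name.get("x-frame-options", [])
    results.append(("X-Frame-Options is DENY or SAMEORIGIN",
                    len(xfo) == 1 and xfo[0].upper() in VALID_XFO))
    for raw in by_name.get("set-cookie", []):
        name, attrs = cookie_attrs(raw)
        results.append((f"cookie '{name}' sets HttpOnly", "httponly" in attrs))

    passed = sum(1 for _, ok in results if ok)
    return {
        "failed": [desc for desc, ok in results if not ok],
        # passed <= len(results), so the score stays within 0..100
        "score": round(100 * passed / len(results)),
    }


# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["score"], report["failed"])
```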