What is Snoopercomputer?
Snoopercomputer is a CI-friendly automated security testing tool. It aims to bring the ease of use and flexibility of RSpec-based tooling to verifying the security of web applications.
How does it work?
Snoopercomputer takes a description of your web application's endpoints, in the form of a JSON file, and generates the test run from it. It makes HTTP requests against those endpoints and checks the security features the configuration specifies for each of them. More information about the structure of this file and its usage can be found in the repository.
What can it test for?
Right now, Snoopercomputer can test a given endpoint for:
- Presence of clickjacking defense headers
- Improper CORS configuration headers
- Mixed content
- Presence of HSTS header
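The following is an added example, not Snoopercomputer's own code, sketching how a JSON endpoint description can drive the four checks listed above. The config shape (an `endpoints` array whose entries carry a `url` and a list of `checks`) is a hypothetical one chosen for the illustration, not the project's real format. Responses come from an injectable fetcher so the example runs offline against constructed responses; a real run would pass a fetcher built on Net::HTTP that sends each request with an `Origin` header, which the CORS reflection check relies on.

```ruby
# Added example (not Snoopercomputer's own code): a minimal, dependency-free
# version of the four checks the page lists, driven by a hypothetical JSON
# endpoint description. Responses are supplied by an injectable fetcher so
# the example runs offline against constructed responses.
require 'json'
require 'uri'

module EndpointChecks
  # Case-insensitive header lookup; returns nil when the header is absent.
  def self.header(response, name)
    key = response[:headers].keys.find { |k| k.casecmp?(name) }
    key && response[:headers][key]
  end

  # Clickjacking: X-Frame-Options DENY/SAMEORIGIN or a CSP frame-ancestors directive.
  def self.clickjacking(response)
    xfo = header(response, 'X-Frame-Options').to_s.strip.upcase
    csp = header(response, 'Content-Security-Policy').to_s
    return [] if %w[DENY SAMEORIGIN].include?(xfo) || csp.match?(/(^|;)\s*frame-ancestors\b/i)
    ['no clickjacking defence (X-Frame-Options or CSP frame-ancestors)']
  end

  # CORS: flags wildcard-with-credentials and reflection of the (attacker-controlled)
  # Origin the request was sent with back in Access-Control-Allow-Origin.
  def self.cors(response, request_origin)
    acao  = header(response, 'Access-Control-Allow-Origin').to_s.strip
    creds = header(response, 'Access-Control-Allow-Credentials').to_s.strip.casecmp?('true')
    findings = []
    findings << 'Access-Control-Allow-Origin: * with credentials allowed' if acao == '*' && creds
    findings << "Origin #{request_origin} reflected in Access-Control-Allow-Origin" if acao == request_origin
    findings
  end

  # Mixed content: an HTTPS page whose markup loads sub-resources over plain http://.
  MIXED_RE = /<(?:script|img|link|iframe|video|audio|source|object|embed)\b[^>]*\b(?:src|href)\s*=\s*["']?(http:\/\/[^"'\s>]+)/i
  def self.mixed_content(url, response)
    return [] unless URI(url).scheme == 'https'
    response[:body].to_s.scan(MIXED_RE).flatten.uniq.map { |u| "mixed content: #{u}" }
  end

  # HSTS: header present with a positive max-age (only meaningful over HTTPS).
  def self.hsts(url, response)
    return [] unless URI(url).scheme == 'https'
    hsts = header(response, 'Strict-Transport-Security').to_s
    return [] if hsts.match?(/max-age\s*=\s*[1-9]\d*/i)
    ['Strict-Transport-Security missing or max-age=0']
  end

  # Runs the checks named in each endpoint's "checks" array (hypothetical config
  # shape) and returns { url => [findings] }; an empty array means the endpoint passed.
  def self.run(config_json, fetcher, origin: 'https://evil.example')
    JSON.parse(config_json).fetch('endpoints').each_with_object({}) do |ep, out|
      url  = ep.fetch('url')
      resp = fetcher.call(url, origin)
      out[url] = ep.fetch('checks').flat_map do |c|
        case c
        when 'clickjacking'  then clickjacking(resp)
        when 'cors'          then cors(resp, origin)
        when 'mixed_content' then mixed_content(url, resp)
        when 'hsts'          then hsts(url, resp)
        else ["unknown check #{c}"]
        end
      end
    end
  end
end

# Constructed sample config and canned responses standing in for real HTTP traffic.
SAMPLE_CONFIG = <<~JSON
  { "endpoints": [
      { "url": "https://app.example/login",  "checks": ["clickjacking", "cors", "mixed_content", "hsts"] },
      { "url": "https://app.example/api/me", "checks": ["cors", "hsts"] } ] }
JSON

CANNED = {
  'https://app.example/login' => {
    status: 200,
    headers: { 'Content-Security-Policy'   => "default-src 'self'; frame-ancestors 'none'",
               'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains' },
    body: '<html><script src="http://cdn.example/app.js"></script><img src="https://app.example/logo.png"></html>'
  },
  'https://app.example/api/me' => {
    status: 200,
    headers: { 'access-control-allow-origin'      => 'https://evil.example',
               'access-control-allow-credentials' => 'true' },
    body: '{}'
  }
}
CANNED_FETCHER = ->(url, _origin) { CANNED.fetch(url) }

if __FILE__ == $PROGRAM_NAME
  EndpointChecks.run(SAMPLE_CONFIG, CANNED_FETCHER).each do |url, findings|
    puts "#{url}: #{findings.empty? ? 'OK' : findings.join('; ')}"
  end
end
```

With the canned responses, the login page passes the clickjacking, CORS and HSTS checks but is flagged for loading a script over `http://`, and the API endpoint is flagged twice: it reflects the request's `Origin` while allowing credentials, and it sends no HSTS header. The fetcher is a plain lambda so the same checks can be driven from RSpec examples or any other runner.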
How can I get involved/use it?
Snoopercomputer is still in an early phase, so contributions are definitely welcome! Head over to the repository to find out more about installing it, using it, or working on it. Known work items are tracked as todo issues in the repository.
You can also join the mailing list to stay in touch with Snoopercomputer development updates.