Check your website for flaws
Check your website for flaws #1
It's a pretty good linter if you do web-dev. Checks for some things that you forgot exist.

https://sonarwhal.com/

[+] 1 user Likes ProfessorChill's post
Reply

RE: Check your website for flaws #2
Wow, thank you for this. I will definitely have to check my websites.
#yellowheartsforsarah

Reply

RE: Check your website for flaws #3
With all the security I've implemented on my (security) site, I'd be surprised if it finds any weaknesses.

I like the fact it also tests loading times etc.
Bookmarked, thanks.

Reply

RE: Check your website for flaws #4
Thank you for the helpful link. Much appreciated.

Reply

RE: Check your website for flaws #5
The site's accuracy with its analysis remains questionable.

I've just tested Microsoft and it appears (according to the scan) they have some work to do.
Spoiler:
[Image: ZaEedpK.png]

Reply

RE: Check your website for flaws #6
(07-06-2018, 05:41 AM)mothered Wrote: The site's accuracy with its analysis remains questionable.

I've just tested Microsoft and it appears (according to the scan) they have some work to do.
Spoiler:
[Image: ZaEedpK.png]

While I agree with that, the scan does give good guidelines. However, it may be picking up AXE errors (Accessibility).
If you install the open source version (yes, they have a GitHub) you can enable and disable certain checks.

Not all checks are made for all websites; these checks are much like formatting errors in Python (i.e. use 4 spaces, not 8 spaces).
You know what I mean?

Reply

RE: Check your website for flaws #7
(07-06-2018, 05:45 AM)ProfessorChill Wrote:
(07-06-2018, 05:41 AM)mothered Wrote: The site's accuracy with its analysis remains questionable.

I've just tested Microsoft and it appears (according to the scan) they have some work to do.
Spoiler:
[Image: ZaEedpK.png]

While I agree with that, the scan does give good guidelines. However, it may be picking up AXE errors (Accessibility).
If you install the open source version (yes, they have a GitHub) you can enable and disable certain checks.

Not all checks are made for all websites; these checks are much like formatting errors in Python (i.e. use 4 spaces, not 8 spaces).
You know what I mean?

I certainly agree that it does provide some insight with the probable errors and security issues.

As with all scans, irrespective of their nature, there is a margin for error, false positives and so forth.
Thanks again for the contribution.

Reply

RE: Check your website for flaws #8
(07-06-2018, 05:41 AM)mothered Wrote: The site's accuracy with its analysis remains questionable.

I've just tested Microsoft and it appears (according to the scan) they have some work to do.
Spoiler:
[Image: ZaEedpK.png]

Alright, I ran it as well.

This is for IE7 support (or IE6, can't remember) so it's backwards compatibility; however, Microsoft does not use this because they create based on their newest browser.
This error pops up A LOT
'content-type' header should have media type 'text/javascript' (not 'application/javascript')

This is suggestive, however it's not wrong. Zopfli is better than Gzip. The issue is that it's slower (22 counts of this)
Should be served compressed with Zopfli when gzip compression is requested.

It's not needed, pretty much every website does it though.
Only specific files need that.
'x-xss-protection' header is not needed (this is on a <img> tag)

They probably use a different type of caching, common error even with people who have made websites FOREVER.
That's more of a general guide.
Static resources should have a long cache value (31536000) and use the immutable directive: public, max-age=17516844

It's Microsoft, they probably don't support Apple that well :/
No 'apple-touch-icon' was specified

The list goes on and on, it's general guidelines you should follow, it's like saying you should DOCstring everything, well.... Yes... If you're explaining your code to a retard (that thinks formatting improves performance).

Edit: Just saw your message. Yeah, you get the gist :p
(This post was last modified: 07-06-2018, 05:59 AM by ProfessorChill.)

Reply
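
As an added illustration (not part of any post in this thread and not sonarwhal's own code), the sketch below re-implements three of the hints quoted in post #8 against constructed responses, to show what such checks actually evaluate. The function names, the sample responses and the choice to treat every non-HTML response as a static resource are assumptions.

```javascript
// Added example: hypothetical re-implementation of three quoted hints.
const ONE_YEAR = 31536000; // long cache value named in the quoted hint

// Media type without parameters such as "; charset=utf-8".
function mediaType(headers) {
  return (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
}

// Turn "public, max-age=60, immutable" into { public: true, 'max-age': '60', ... }.
function parseCacheControl(value) {
  const directives = {};
  for (const part of (value || '').split(',')) {
    const [name, arg] = part.trim().toLowerCase().split('=');
    if (name) directives[name] = arg === undefined ? true : arg;
  }
  return directives;
}

function auditResponse({ url, headers }) {
  const hints = [];
  const type = mediaType(headers);
  const isHtml = type === 'text/html';
  const isScript = /\.m?js$/.test(new URL(url).pathname);

  // The quoted hint asks for 'text/javascript' on script responses.
  if (isScript && type !== 'text/javascript') {
    hints.push(`content-type: expected 'text/javascript', got '${type}'`);
  }
  // The header only affects HTML documents, so it is noise on images etc.
  if ('x-xss-protection' in headers && !isHtml) {
    hints.push('x-xss-protection: not needed on a non-HTML response');
  }
  if (!isHtml) { // assumption: every non-HTML response is a static resource
    const cc = parseCacheControl(headers['cache-control']);
    if (!(Number(cc['max-age']) >= ONE_YEAR) || !cc.immutable) {
      hints.push(`cache-control: want max-age=${ONE_YEAR} and immutable`);
    }
  }
  return hints;
}

// Constructed sample responses (header names already lower-cased).
const samples = [
  { url: 'https://example.test/app.js', headers: {
      'content-type': 'application/javascript',
      'cache-control': 'public, max-age=17516844' } },
  { url: 'https://example.test/logo.png', headers: {
      'content-type': 'image/png', 'x-xss-protection': '1; mode=block',
      'cache-control': 'public, max-age=31536000, immutable' } },
];
for (const s of samples) console.log(s.url, auditResponse(s));
```

Each finding is a per-response policy check rather than proof of a vulnerability, which is why the same hint can repeat many times across one site's assets.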

RE: Check your website for flaws #9
I'm relatively new to website developing, and am working on a couple practice sites at the moment. This will definitely come in handy. Thank you.

Reply

RE: Check your website for flaws #10
(07-06-2018, 05:58 AM)ProfessorChill Wrote:
(07-06-2018, 05:41 AM)mothered Wrote: The site's accuracy with its analysis remains questionable.

I've just tested Microsoft and it appears (according to the scan) they have some work to do.
Spoiler:
[Image: ZaEedpK.png]

Alright, I ran it as well.

This is for IE7 support (or IE6, can't remember) so it's backwards compatibility; however, Microsoft does not use this because they create based on their newest browser.
This error pops up A LOT
'content-type' header should have media type 'text/javascript' (not 'application/javascript')

This is suggestive, however it's not wrong. Zopfli is better than Gzip. The issue is that it's slower (22 counts of this)
Should be served compressed with Zopfli when gzip compression is requested.

It's not needed, pretty much every website does it though.
Only specific files need that.
'x-xss-protection' header is not needed (this is on a <img> tag)

They probably use a different type of caching, common error even with people who have made websites FOREVER.
That's more of a general guide.
Static resources should have a long cache value (31536000) and use the immutable directive: public, max-age=17516844

It's Microsoft, they probably don't support Apple that well :/
No 'apple-touch-icon' was specified

The list goes on and on, it's general guidelines you should follow, it's like saying you should DOCstring everything, well.... Yes... If you're explaining your code to a retard (that thinks formatting improves performance).

Judging by all the above, the site should certainly be used as general guidance, rather than a conclusive platform for analysis.

I've always been a firm believer in "Some information, no matter how irrelevant it may seem at the time, is better than none". My security site is in an offline state at the moment (90% complete after 4+ months of work). I may put it online for a few minutes, test, and see the results.

Reply






