Skip to main content

If you don’t know about HTTP Archive’s Web Almanac yet, you should!

Written by:
wordpress-sync/SnykIaCCLIEnhancements-GA_feature

November 1, 2024

0 mins read

Most, if not all, of us in the software development space have benefitted from community-driven projects at some point. We’ve tapped into open source libraries, searched for advice on Reddit, and posted our seemingly unsolvable questions on Stack Overflow. 

But you might be missing out on a community project that especially excites me. It’s the Web Almanac, a collaborative report that provides tons of valuable insights into how people build and use the web. 

The last edition came out two years ago and is definitely worth a look if you haven’t checked it out yet. I’m also excited to announce that the 2024 edition of the HTTP Archive State of the Web Report is set to come out this November. I had the opportunity to participate in the 2022 edition as a reviewer and contributor for the Security chapter of the report, and am looking forward to participating in this upcoming report as a reviewer again. 

As we count down to the release of the 2024 Web Almanac, I’d like to share a few insights about this project and how your team can look forward to using the data from the 2024 report when it goes public. 

What is the Web Almanac?

The Web Almanac is a collaborative project that analyzes how the web is built by analyzing data from millions of websites. It’s unique because it’s completely community-driven, created by a group of people coming together voluntarily.

The Web Almanac is divided into chapters that are authored by experts in those particular areas. The last edition covered key areas like page content (CSS, fonts, Javascript, etc.), user experience (SEO, privacy, security, etc.), content publishing (CMS, Jamstack, etc.), and content distribution (HTTP, CDN, etc.) 

Where does the Web Almanac’s data come from?

To create this report, the community uses metrics sourced from the HTTP Archive’s periodic web crawls and compiled into a public BigQuery database. The last edition included 43.88 TB of data from 8.36 million websites. Using this valuable data, we can conclude how everyday users interact with the Internet. 

Who participates in this project?

Web experts from various backgrounds come together to contribute to the Web Almanac. They take on voluntary roles like chapter leads, authors, reviewers, analysts, editors, and coordinators. As an author and reviewer for the “security” chapter in the last edition, it was a great experience to collaborate with so many others who were eager to get deep into the research and put together actionable insights.

How security teams can use insights from the Web Almanac 

When the Web Almanac 2024 goes public in a few months, there are a few ways that security teams can interact with the data and use it to inform their strategies. Here are two suggestions for how they can turn the data points from this research into actionable next steps:

  • New feature discovery. The Web Almanac is a great resource for learning about standout application security features. For instance, the 2022 Web Almanac offers several recommendations for attack prevention. This rich, real-world data could serve as benchmarks or standards for a company to follow. We can look forward to seeing similar takeaways in the 2024 edition. 

  • Gap analysis. It’s also a great way to see common areas where websites fall short in security best practices. If a key security feature is missing for the majority of website providers, there’s a chance that you will find these shortcomings on your websites as well. 

Community matters in the DevSecOps report

This report shows amazing things can happen when people come together and openly share knowledge. Here at Snyk, we believe that application security is a “team sport” and love facilitating community discussions through our DevSecOps community. 

If the idea of participating in a DevSecOps community excites you, be sure to check out our global space for developers, operations, and security practitioners: DevSecCon. And if you want to get involved in the upcoming Web Almanac, learn how you can participate on GitHub.

wordpress-sync/SnykIaCCLIEnhancements-GA_feature

Snyk Top 10: Vulnerabilites you should know

Find out which types of vulnerabilities are most likely to appear in your projects based on Snyk scan results and security research.