Snyk Blog

Test website security with Snyk’s newest WebPageTest integration

Written by:
Liran Tal
Liran Tal
wordpress-sync/Blog-illustrations-feature

May 14, 2020

0 mins read

We are excited to announce the security integration with WebPageTest!

These newly introduced data points for all tested pages enrich existing website performance tests with further visibility into security details, such as HTTP security headers and vulnerable JavaScript libraries found on a website.

We at Snyk know that web developers have many cross-cutting concerns they need to handle — for example, performance, accessibility, and security — and we set out to help address one of those concerns with the help of a super popular tool — WebPageTest.

If you ever worked on improving your website’s speed, chances are you’ve used WebPageTest. It’s a great tool with detailed metrics on website performance tests. However, it lacked access to security insights. But don’t worry—with the Snyk integration, this issue is solved.

How do I start testing for website security?

Head over to https://webpagetest.org and type in a website address to scan.

In the screenshot below we used the Snyk websites to get performance and security insights.

When you’re done click START TEST to begin the scan:

test-website-performance

Once testing is complete, WebPageTest presents the following page with the test results.

You’ll now notice the addition of a new top-level score: Security score.

The https://snyk.io website got a score of A:

web-page-performance-snyk

But what does this score represent??

Click on the A score to open the detailed security insights page:

website-scanner-for-javascript

The results provide:

  1. the security grade with a link that explains how we calculate an overall score,

  2. details about any JavaScript libraries that were found to be vulnerable in the tested website,

  3. a list of HTTP security headers that the website responds with, and a list of those that are missing.

We are fully transparent about how we calculate the overall score and grade for a website. If you are curious to learn more about calculating the website security score, we have a blog post about website security score explained, head over to our blog post: website security score explained.

Website security

In conclusion, we invite you to run a website security check at https://webpagetest.org and on snyk.io/website-scanner to ensure your website is up to par with security requirements concerning HTTP security headers and proper use of 3rd-party JavaScript libraries.

If you don’t have a Snyk account yet, it is free to sign up for both open source projects and private repositories. With Snyk, you’ll find those 3rd-party library vulnerabilities long before you deploy to production, and once you deploy Snyk will monitor them closely and alert you, if new vulnerabilities have been discovered.

Live Hack: Exploiting AI-Generated Code

Gain insights into best practices for utilizing generative AI coding tools securely in our upcoming live hacking session.

Register now

Posted in:Open Source Security, Application Security

Guide to Choosing a SAST Solution

See the process for assessing, selecting, and implementing a modern SAST solution based on a four phase process and find the best fit for your specific security needs.

See the guide
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

Developer Security PlatformSnyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeApplication securitySoftware supply chain securityASPMSecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securityWhat is Snyk?Snyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersDeveloper security educationVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10Videos

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal information

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHub

© 2023 Snyk Limited
Registered in England and Wales

logo-devseccon