benbalter / site-inspector

Ruby Gem to sniff information about a domain's technology and capabilities.
https://site-inspector.herokuapp.com
MIT License

Test descriptions and wiki (suggest fixes) #51

Open nofxx opened 9 years ago

nofxx commented 9 years ago

First of all, thanks for the great gem! Let me suggest 'suggestions', kinda like in rubocop:

www: true
root: true
https: false   # Even if self-signed, an SSL certificate might be a nice idea http://site-inspector/wiki-page
enforces_https: false  # The site accepts non-https connections  http://site-inspector/wiki-page
downgrades_https: false # The site.....

For each test, a more human-friendly description, and a link (only for that test) to the project's wiki page. Could be a flag in bin/site-inspector to show descriptions for trues too.
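To make the proposal concrete, here is an added example (not code from the issue, nor from the site-inspector gem itself) of how a CLI could annotate each check with a description and a wiki link, rubocop-style. The check keys are the ones shown above; the descriptions, the `WIKI_BASE` placeholder URL, the `CHECKS` table and the `explain_results` helper are assumptions for illustration. It goes one step beyond the comment by recording, per check, which boolean value is the failing one (for `downgrades_https` that is `true`, not `false`), so a suggestion appears only when a check actually fails, and the "show descriptions for trues too" flag becomes `explain_all:`.

```ruby
# Added example, not site-inspector's own code: annotate boolean check results
# with a human-readable description and a wiki link, rubocop-style.
# Check keys come from the issue; descriptions, WIKI_BASE and the helper
# names below are assumptions made for this example.

WIKI_BASE = "https://example.com/site-inspector/wiki/" # placeholder, not a real wiki

# Per check: which value counts as failing (:bad), the suggestion shown when it
# fails (:desc), and the wiki page it links to (:page).
CHECKS = {
  www:              { bad: false, desc: "The www subdomain does not resolve",                           page: "WWW" },
  root:             { bad: false, desc: "The bare domain does not resolve",                             page: "Root-domain" },
  https:            { bad: false, desc: "Even a self-signed certificate lets you start serving HTTPS",  page: "HTTPS" },
  enforces_https:   { bad: false, desc: "The site accepts plain HTTP instead of redirecting to HTTPS",  page: "HTTPS" },
  downgrades_https: { bad: true,  desc: "The site redirects HTTPS visitors back to plain HTTP",         page: "HTTPS" },
}.freeze

def wiki_link(key)
  WIKI_BASE + CHECKS.fetch(key)[:page]
end

# Returns one output line per result. The suggestion (description + link) is
# appended when the value is the failing one for that check, or for every
# check when explain_all is set (the "descriptions for trues too" flag).
# Unknown keys get a placeholder description and no link.
def explain_results(results, explain_all: false)
  results.map do |key, value|
    meta = CHECKS.fetch(key) { { bad: nil, desc: "(no description yet)", page: nil } }
    line = "#{key}: #{value}"
    if explain_all || value == meta[:bad]
      line += "   # #{meta[:desc]}"
      line += " #{wiki_link(key)}" if meta[:page]
    end
    line
  end
end

# Constructed sample result, mirroring the example in the issue.
SAMPLE = { www: true, root: true, https: false, enforces_https: false, downgrades_https: false }.freeze

if __FILE__ == $PROGRAM_NAME
  puts explain_results(SAMPLE)
  puts
  puts explain_results(SAMPLE, explain_all: true)
end
```

Run as a script it prints the issue's five lines; by default only `https` and `enforces_https` carry a suggestion, and passing `explain_all: true` annotates every line, including the passing ones.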

benbalter commented 9 years ago

Great call. This came up in https://github.com/benbalter/site-inspector/pull/24#issuecomment-94214663 and is definitely something I'd like to see eventually baked in.

nofxx commented 9 years ago

Cool. Enable the wiki, I'll gladly start adding some info. Also to link related gems, e.g. https://github.com/twitter/secureheaders

benbalter commented 9 years ago

@nofxx I realized, we documented the test descriptions in the readme. Would that be sufficient? How would you envision expanding them?

nofxx commented 9 years ago

@benbalter What's in the readme goes inline in the CLI, and the wiki will contain a page for each key subject. That way it's easier for people to contribute to the pages, no need to fork.

Example pages: HSTS, HTTPS, XSS, ... key points. Each one will have extended info, shoulds/should nots, how to implement/fix, related gems, et al. In other words: a curated list for the security issue site-inspector is telling me about.