Adds support for fetching, parsing security.txt file (#7)

Alicia Sykes
2023-07-24 20:51:46 +01:00
parent 95c2368e7f
commit 73612bb5ba
4 changed files with 100 additions and 1 deletions


@@ -3,7 +3,7 @@ interface Doc {
title: string;
description: string;
use: string;
resources: string[];
resources: string[] | { title: string, link: string}[];
screenshot?: string;
}
@@ -342,6 +342,26 @@ const docs: Doc[] = [
],
screenshot: 'https://i.ibb.co/GtrCQYq/Screenshot-from-2023-07-21-12-28-38.png',
},
{
id: 'security-txt',
title: 'Security.txt',
description: "The security.txt file tells researchers how they can responsibly disclose any security issues found on your site. "
+ "The standard was proposed in RFC 9116, and specifies that this file should include a point of contact (email address), "
+ "as well as optionally other info, like a link to the security disclosure policy, PGP key, proffered language, policy expiry and more. "
+ "The file should be located at the root of your domain, either at /security.txt or /.well-known/security.txt.",
use: "This is important, as without a defined point of contact a security researcher may be unable to report a critical security issue, "
+ "or may use insecure or possibly public channels to do so. From an OSINT perspective, you may also glean info about a site including "
+ "their posture on security, their CSAF provider, and meta data from the PGP public key.",
resources: [
{ title: 'securitytxt.org', link: 'https://securitytxt.org/'},
{ title: 'RFC-9116 Proposal', link: 'https://datatracker.ietf.org/doc/html/rfc9116'},
{ title: 'RFC-9116 History', link: 'https://datatracker.ietf.org/doc/rfc9116/'},
{ title: 'Security.txt (Wikipedia)', link: 'https://en.wikipedia.org/wiki/Security.txt'},
{ title: 'Example security.txt (Cloudflare)', link: 'https://www.cloudflare.com/.well-known/security.txt'},
{ title: 'Tutorial for creating security.txt (Pieter Bakker)', link: 'https://pieterbakker.com/implementing-security-txt/'},
],
screenshot: 'https://i.ibb.co/tq1FT5r/Screenshot-from-2023-07-24-20-31-21.png',
},
];
export const about = [
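Review bot: The new `security-txt` description departs from RFC 9116 in several places, and site owners may well build their own file from this text. The RFC makes `Expires` mandatory alongside `Contact` (the text lists policy expiry as optional) and allows the contact to be any URI (`mailto:`, `https:`, `tel:`), not only an email address. It also requires the file under `/.well-known/security.txt` over HTTPS, with top-level `/security.txt` kept only for legacy compatibility; when both exist, the `.well-known` copy is the one to use. I would reword the last sentence to `"The file must be served over HTTPS at /.well-known/security.txt; a copy at /security.txt is only a legacy fallback."` and change `proffered language` to `preferred languages`. The fetching code from this commit is not visible in this section, so whether it already prefers the `.well-known` path when both respond should be confirmed there.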