An automated tool for website security assessment : Demonstration on Swedish authorities’ websites

Valdaserides Olofsson, Max, Stengård, Malte

January 2024

The evolution of internet has affected society in many ways. Organizations and authorities offer their services on their many corresponding websites. Consequently, secure connections to these websites are a necessity, in addition to continuously evaluate their security. Many studies exist on website security analysis of some set of websites and it is found that researchers often develop and utilize several toolsand scripts for their studies - one for collecting data, one for parsing the output, and one for visualizing the data. Undoubtedly, this whole process is labor intensive, and for this reason we in this thesis propose a tool that automates this whole process. Moreover, the Swedish authorities and their corresponding websites provide information and services regarding their specific areas of expertise that are essential for the functioning of the Swedish society. As such, this puts a high expectation of the usage of state-of-the-art security technology and best practice implementations on these websites in order to keep the Swedish society functioning and keep their websites’ visitors safe. For this reason, we in this thesis focus on mainly two things: 1. Design and develop a tool that will be easy to use to collect a set of websites’ security parameter implementations and best practices, and thereafter automatically and adequately visualize this data to assess the websites’ security readiness; and 2. Demonstrate the developed tool on the Swedish authorities’ websites to assess their website security readiness. The result shows a good overall security in the Swedish authorities’ websites, though there is room for improvement.

security.txt

TLS

https

http security headers

cipher suite

Swedish authorities

automation

Computer Sciences

Datavetenskap (datalogi)