Simplifying the Stack: Start Security Testing in the Browser

Cyber security disasters still happen every day. Being security-aware is crucial, but it is not enough. So never trust, always verify!

To make security validation simple, testing applications before use is a must. However, a huge drawback is the difficulty of setting up even a few simple tests.

Performing basic security checks before using a website or an application is a real necessity. But inspecting websites or application code before use can be time-consuming. Traditionally, security validation has meant:

  • Using a dedicated environment to perform security testing
  • Within that environment, installing trustworthy security validation tools

And determining which security tools are good enough to be trusted is a challenge in itself.

Of course, there are simple rules to help decide if a security tool can be trusted.

A good security product should never introduce extra vulnerabilities. However, many security products increase your cyber risk profile instead of lowering it.

Running software in your browser instead of installing it locally offers several security advantages:

  1. Reduced Attack Surface: No native executables, libraries, or background services are installed on the endpoint. This eliminates risks such as local code injection, DLL hijacking, malicious registry changes, and persistence mechanisms that installed apps can introduce.
  2. Sandboxed Execution by the Browser: The browser’s built-in sandbox (e.g., site isolation, process separation) restricts the app’s access to the operating system, file system, and other processes. Malicious code cannot easily escape to install malware or read arbitrary local files.
  3. No Local Data Persistence (by default): Sensitive data remains on the server, reducing the risk of leakage from lost or stolen devices.

To give you a head start, I collect and promote good open security solutions. Below are several excellent 100% browser-based tools that can be used without installation or registration. The code is open source, so you can also host the solution yourself.

A small collection of directly usable online security test suites:

Solution: Python Code Audit (browser version)

What it does: Python Code Audit is a tool designed to find security issues in Python code. To do this, Python Code Audit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. This browser-based version is a must-do before installing a Python package from PyPI.org!
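The flow described above, parsing a file into an AST and running plugins against its nodes, shown as an added example that is not Python Code Audit's own code. The `plugin` registry, the two checks, the set of flagged calls and the sample module are all constructed for illustration.

```python
import ast
# Constructed sample input: source of a hypothetical package module.
SAMPLE = '''\
import pickle, subprocess
def load(blob, cmd):
    cfg = pickle.loads(blob)
    subprocess.run(cmd, shell=True)
    return eval(cfg["expr"])
'''

PLUGINS = {}  # AST node type -> list of checks (registry design is an assumption)

def plugin(node_type):
    """Register a check to run on every node of the given AST type."""
    def register(func):
        PLUGINS.setdefault(node_type, []).append(func)
        return func
    return register

def dotted_name(node):
    """Return 'a.b' for Name/Attribute chains, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None

@plugin(ast.Call)
def dangerous_call(node):
    name = dotted_name(node.func)
    if name in {"eval", "exec", "pickle.loads", "os.system"}:
        return f"call to {name}()"

@plugin(ast.Call)
def shell_true(node):
    for kw in node.keywords:
        if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
            return "call with shell=True"

def audit(source):
    """Parse source into an AST and run each registered plugin on matching nodes."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        for check in PLUGINS.get(type(node), []):
            if (message := check(node)):
                findings.append((node.lineno, message))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because the source is only parsed, never imported or executed, a package can be inspected this way before it is installed.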

Solution: Internet.nl

What it does: Checks websites and email servers for the use of standards—and standards matter for security. Internet.nl is an initiative of the Dutch Internet Standards Platform that helps you check whether your website, email, and internet connection use modern and reliable internet standards.

Solution: SSL Configuration Generator

What it does: Helps directly with the always-difficult task of creating a good SSL configuration for a server, database, etc. Make use of the knowledge of others. If you think a given configuration is not good, create a pull request so everyone benefits. The Mozilla SSL Configuration Generator builds configuration files to help you follow the Mozilla Server Side TLS configuration guidelines.


Solution: PQChoiceAssistant

What it does: Given your input, you get direct, solid advice on the best post-quantum cryptography algorithm for your use case. The results of the PQChoiceAssistant are a recommendation, but since it is open source, you can improve this tool with your knowledge.

Solution: Open Source Insights

What it does: deps.dev is a service developed and hosted by Google to help developers better understand the structure, construction, and security of open source software packages. It is great and simple to use for inspecting the security risks of an application!

And when you are done with these simple quick inspections, you can always look deeper and start running trusted local security test software.