Challenge: Extracting Security Headers From Website
Task
This task aims to create a function that extracts specific security headers from a given website. By analyzing the extracted headers, you can assess the web application's security posture. This includes understanding how the application is configured to handle security-related aspects.
Your task is to:
- Get a response from the corresponding website using the `.get()` function of the `requests` library.
- Extract all headers from the response using the `.headers` attribute of the `response` object.
- Return information about corresponding headers from the function using variable names (`csp_header` and `hsts_header`).
Note
The objective of this assignment is to gain familiarity with the process of extracting headers. The analysis of header content falls outside the scope of this course.
Solution
```python
import requests


def get_security_headers(url):
    try:
        # Send an HTTP GET request to the URL (the timeout keeps the call from hanging)
        response = requests.get(url, timeout=10)
        # Get the headers from the response
        headers = response.headers
        # Extract Content-Security-Policy (CSP) header
        csp_header = headers.get('Content-Security-Policy', 'CSP header not found')
        # Extract Strict-Transport-Security (HSTS) header
        hsts_header = headers.get('Strict-Transport-Security', 'HSTS header not found')
        return {
            'CSP': csp_header, 'HSTS': hsts_header
        }
    except requests.exceptions.RequestException as e:
        return f'Error: {e}'


# Example usage:
url_to_check = 'https://www.kaggle.com'
security_headers = get_security_headers(url_to_check)

# Print the extracted headers; on a request failure the function returns an error string
if isinstance(security_headers, dict):
    print(f'CSP Header: {security_headers["CSP"]}')
    print(f'HSTS Header: {security_headers["HSTS"]}')
else:
    print(security_headers)
```
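The solution returns the two header values as plain strings. As an added example, not part of the course's own code, the following goes one step beyond the exercise: it extracts a wider set of security headers with case-insensitive name matching and splits the HSTS and CSP values into their directives. The header list, the function names and the sample headers are assumptions constructed for illustration; the functions accept any header mapping, such as `response.headers`.

```python
SECURITY_HEADERS = (
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Referrer-Policy",
)

# Constructed sample headers, not captured from any real site.
SAMPLE_HEADERS = {
    "content-security-policy": "default-src 'self'; script-src 'self' https://cdn.example; default-src *",
    "Strict-Transport-Security": 'max-age="31536000"; includeSubDomains',
    "X-Content-Type-Options": "nosniff",
}

def extract_security_headers(headers):
    """Map each known header name to its value, or None when it is absent."""
    lowered = {name.lower(): value for name, value in headers.items()}
    return {name: lowered.get(name.lower()) for name in SECURITY_HEADERS}

def parse_hsts(value):
    """Split an HSTS value into its directives (directive names are case-insensitive)."""
    parsed = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdecimal():
            parsed["max_age"] = int(arg)
        elif name == "includesubdomains":
            parsed["include_subdomains"] = True
        elif name == "preload":
            parsed["preload"] = True
    return parsed

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; a repeated directive is ignored."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

if __name__ == "__main__":
    found = extract_security_headers(SAMPLE_HEADERS)
    print(found)
    print(parse_hsts(found["Strict-Transport-Security"]))
    print(parse_csp(found["Content-Security-Policy"]))
```

Returning `None` for a missing header keeps "absent" distinguishable from any real header value, which the placeholder strings in the solution do not guarantee.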
Section 2. Chapter 8
```python
import requests


def get_security_headers(url):
    try:
        # Send an HTTP GET request to the URL (the timeout keeps the call from hanging)
        response = requests.___(url, timeout=10)
        # Get the headers from the response
        headers = response.___
        # Extract Content-Security-Policy (CSP) header
        csp_header = headers.get('Content-Security-Policy', 'CSP header not found')
        # Extract Strict-Transport-Security (HSTS) header
        hsts_header = headers.get('Strict-Transport-Security', 'HSTS header not found')
        return {
            'CSP': ___, 'HSTS': ___
        }
    except requests.exceptions.RequestException as e:
        return f'Error: {e}'


# Example usage:
url_to_check = 'https://www.kaggle.com'
security_headers = get_security_headers(url_to_check)

# Print the extracted headers; on a request failure the function returns an error string
if isinstance(security_headers, dict):
    print(f'CSP Header: {security_headers["CSP"]}')
    print(f'HSTS Header: {security_headers["HSTS"]}')
else:
    print(security_headers)
```