14 DAY TRIAL // Browsers are always improving security measures and new web technologies are developed with a bigger focus on security than ever before. But, in the end, a secure website is better than a browser that can protect against an insecure one.
But most web developers aren't security experts and they don't have the time or the inclination to become ones. This is why they need better tools and better knowledge to help them create safer sites while letting them focus on what they do, i.e. build useful things.
That's the idea behind a new feature in the Firefox 23 dev tools, which now feature a "security" filter in the Console.
A filter alone isn't much use without security-focused messages from the browser, so Mozilla has added several types of new security messages in the latest Firefox 26 Nightly builds.
"While security should be of paramount importance to any developer, it is a complex subject that is not always part of a web developer’s education and often appears at inconvenient times," Mozilla explained.
"This new messaging helps developers find security-related problems early on in the development life cycle so they can be resolved quickly and effectively," it added.
"Additionally, these messages help educate developers about common issues in web security. Many of the new messages end with a 'Learn More' link that takes you to a wiki with background information and advice for mitigating the security issue," it said
Via the new tab, developers will get a warning every time the browser prevents a resource from loading or otherwise modifies the page due to security concerns. This can happen with mixed content pages, for example.
There will also be warnings about mistakes in the implementation of security features, using deprecated CSP headers or mistyping an HSTS header, Mozilla explains. Finally, the section will also include warnings about common security problems, such as password fields in insecure pages.