Hi all,
I've recently found out that the out-of-the-box nopCommerce installation doesn't have health checks. CMS' such as Umbraco have health checks, which also checks the security of an application. For example, whether a security header has been set.
Since nopCommerce doesn't have it yet, I thought "hey why not implement it myself?", and I've started beginning to brainstorm on some ideas. My company also supports this idea, so I can also work on it during working hours.
My initial idea is to create an extra security tab in the admin panel which does a security health check. The underlying idea would be to read out the web.config and/or make a request to the page to check whether security headers has been set. I will also copy some checks from the Umbraco health check and also the observatory tool by Mozilla.
What does the nop community think of the idea? I eventually want to merge this into the nopCommerce project. :)