Inspiration

Every junior dev has shipped a site and wondered: "Is this actually secure?" Tools like Google Lighthouse made performance auditing accessible — but nothing did the same for security. With AI features now embedded in websites everywhere, we wanted to build the missing tool: a one-click security audit mapped to the OWASP Top 10 for LLM & GenAI 2025.

What it does

Paste any URL and get a full audit in seconds — no install, no account needed. WebAudit checks 6 categories: Performance, Accessibility, SEO, Best Practices, Security (mapped to OWASP LLM01–LLM10), and Compliance (GDPR, privacy). Results include scores, grade badges, pass/fail details with fix guidance, shareable links, and HTML/JSON exports.

How we built it

React 19 + Tailwind CSS frontend, Node.js + tRPC backend, and a custom Puppeteer headless Chrome audit engine running 90+ checks. Results are stored in MySQL via Drizzle ORM. Security checks are manually mapped to OWASP Top 10 for LLM & GenAI Applications 2025.

Challenges we ran into

The trickiest bug was an ES Module vs CommonJS conflict — the audit engine crashed silently at runtime until we added a scoped package.json to override the module type. We also had to design OWASP LLM 2025 checks for passive web scanning, since many AI risks aren't externally visible without active exploitation.

Accomplishments that we're proud of

  • 90+ checks across 6 categories, fully working end-to-end
  • One of the first tools mapped to OWASP LLM & GenAI Top 10 2025
  • Polished UI with animated gauges, shareable results, and downloadable reports
  • Zero TypeScript errors, 11/11 tests passing at submission

What we learned

Security is a UX problem as much as a technical one. Presenting findings clearly to junior devs was harder than writing the checks. We also learned that OWASP LLM 2025 is genuinely new territory — most tools still use the 2021 list.

What's next for WebAudit

  • GenAI Readiness Score — a dedicated sub-score from LLM01–LLM10 checks
  • CI/CD integration — block deployments when security scores drop
  • Scheduled audits with email alerts — weekly score monitoring per URL

Built With

  • node.js-+-trpc-backend