The platform performs a range of checks, the results of which are then used to display a final analysis in an easy-to-use interface.

There are four broad assessment categories which these checks fall into:

(1) Assessing the organisation for historic (or current) malicious activity, including:

  • Whether an organisation has had their domain blacklisted for spam
  • Whether an organisation has been identified as hosting malware on their domains
  • Whether an organisation has been identified as a source of phishing attacks
  • Whether an organisation has been identified as a source of botnet attacks

(2) Assessing security misconfigurations and vulnerabilities related to server configuration, including:

  • Whether an organisation has a strong process for correctly configuring all their encryption (SSL/TLS) certificates
  • Whether an organisation has insecure (i.e. unencrypted) ports open to the Internet
  • DNS server configuration

(3) Assessing security misconfigurations and vulnerabilities related to e-mail system configuration, including:

  • Whether an organisation uses strong email security technology (SPF and DMARC)
  • Whether employees of an organisation have used their corporate email addresses on external accounts, and whether they have then been the subject of a data breach

(4) Assessing security misconfigurations and vulnerabilities related to critical web applications, including:

  • A range of security header checks.

A screenshot of the interface is provided below:

The full set of assessments, and the corresponding recommendations, are listed below. Each entry gives the Check Name, followed by the Check Detail and the Recommendation:

Malware Source

  • This check determines whether your Primary Domain is listed in the "Malware Domain List" blacklist (www.malwaredomainlist.com). If your domain has failed this check, it is likely that at some point it was used to host malicious content such as malware or phishing pages, which could be an indicator that your website or domain has been compromised.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you contact the administrators of www.malwaredomainlist.com in order to determine what triggered the addition and to get your site removed.

Sensitive Ports

  • This check determines whether your Primary Domain exposes any potentially sensitive services such as administrative interfaces or database endpoints. Exposure of such interfaces to the public Internet increases the likelihood of compromise by malicious parties, and is typically the result of service or firewall misconfiguration.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you review whether there is need to expose these interfaces to the Internet and shut them down where possible.

Breached Emails

  • This check determines whether your Email Domain (or Primary Domain if an Email Domain was not provided) is listed as having been included in data breaches catalogued by the "Haveibeenpwned" service (https://haveibeenpwned.com). Credentials used on other websites could potentially be valid for your environment due to password reuse by end-users, and could potentially be used by a malicious party to compromise your systems.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you review which email addresses or users were exposed in this manner, and consider forcing password resets for these users.

SPF Record Check

  • This check determines whether there is an SPF record defined for your Email Domain (or Primary Domain if an Email Domain was not provided). A "Sender Policy Framework" (SPF) record defines which mail servers are permitted to send email on behalf of your domain, which serves to protect you from spammers attempting to imitate your domain.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you implement an SPF record for the domain.

DMARC Check

  • This check determines whether a DMARC record has been defined for your Email Domain (or Primary Domain if an Email Domain was not provided) using the mxtoolbox service (https://mxtoolbox.com). The DMARC policy published in this record can be used to prevent attackers from forging emails for your organization.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you define a DMARC policy for your domain.
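The SPF and DMARC checks above both reduce to inspecting a domain's DNS TXT records. The following is an added example, not the platform's own code, that evaluates constructed sample records for both checks; it goes slightly beyond the page by also flagging a permissive "+all" SPF record and a monitoring-only DMARC policy (p=none) as RISK. The domain names and records are constructed; a real run would fetch the TXT records for the domain and for _dmarc.<domain> over DNS.

```python
import re

# Constructed sample TXT records, keyed by the name they would be published at.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "weak.example": ["v=spf1 +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    "nothing.example": [],
    "_dmarc.nothing.example": [],
}

def check_spf(txt_records):
    """Return (status, reason). Missing record, '+all', or no 'all' term is RISK."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return "RISK", "no SPF record"
    if len(spf) > 1:
        return "RISK", "multiple SPF records (RFC 7208 requires a permerror)"
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if re.fullmatch(r"[+\-~?]?all", t, re.I)]
    if not all_terms:
        return "RISK", "no 'all' mechanism: unlisted senders are implicitly permitted"
    qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
    if qualifier == "+":
        return "RISK", "'+all' permits any host to send mail for the domain"
    return "OK", f"SPF record ends with '{all_terms[-1]}'"

def check_dmarc(txt_records):
    """Return (status, reason). p=none only monitors, so forged mail is still delivered."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return "RISK", "no DMARC record"
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip().lower()
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return "RISK", "DMARC record has no valid 'p' policy tag"
    if policy == "none":
        return "RISK", "p=none only monitors; forged mail is not blocked"
    return "OK", f"DMARC policy is p={policy}"

def assess_domain(domain, txt=SAMPLE_TXT):
    """Run both checks for a domain against a TXT-record lookup table."""
    return {"spf": check_spf(txt.get(domain, [])),
            "dmarc": check_dmarc(txt.get(f"_dmarc.{domain}", []))}
```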

Domain Expiry

  • This check determines whether any of the domains you have provided are expired.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you renew your domain registration.

DNS Zone Transfer

  • This check determines whether the nameservers for your Primary Domain support zone transfers. A zone transfer is a transfer of all records for your domain, which could potentially leak information about your internal and external infrastructure that would be useful to an attacker.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you disable or restrict zone transfers for your domain.

Open Recursive DNS

  • This check determines whether the nameservers for your Primary Domain permit recursive DNS lookups for anyone on the Internet. This kind of DNS query can be used in "DNS amplification" denial-of-service attacks by malicious actors.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you disable or restrict recursive DNS lookups on your nameservers.

Strict Transport Security

  • HTTP Strict Transport Security (HSTS) policy informs a browser to only send communications over HTTPS. In the event that an application is vulnerable to HTTPS downgrade attacks, the lack of an HSTS header may result in a browser sending unencrypted communications over HTTP, resulting in unintended disclosure of sensitive communications.

  • If this check is marked as 'RISK', we recommend that you implement an HTTP Strict Transport Security (HSTS) header.

The HTTP X-XSS-Protection Header

  • Cross-site Scripting (XSS) Protection enables the built-in controls against Cross-site Scripting attacks that are available in certain web browsers. Without this control, in the event the application is vulnerable to cross-site scripting attacks, the browser may unknowingly allow execution of injected third-party scripts.

  • If this check is marked as 'RISK', we recommend that you implement an HTTP X-XSS-Protection header.

X-Frame-Options

  • Framing Protection Controls define whether or not a particular page is allowed to be rendered within a frame tag. As framing is allowed by default, an insufficient framing policy makes it possible to embed an affected application within an untrusted third party domain.

  • If this check is marked as 'RISK', we recommend that you implement an X-Frame-Options header.

X-Content-Type-Options

  • Content Type Protection prevents certain web browsers from being tricked into loading application responses in an unintended format. Without an X-Content-Type-Options header, a browser may be tricked into loading the application in an unintended and unauthorised format, resulting in execution of malicious software within the context of the user’s browser.

  • If this check is marked as 'RISK', we recommend that you implement an X-Content-Type-Options header.

Content Security Policy

  • Content Security Policy (CSP) prevents loading of injected third party scripts in the web browser. Without this control, in the event the application is vulnerable to cross-site scripting attacks, the browser may unknowingly allow execution of injected third-party scripts.

  • If this check is marked as 'RISK', we recommend that you implement an HTTP Content Security Policy header.

Public Key Pins

  • Public Key Pins (HPKP) inform the web browser to only communicate with the server using an expected public key. This can help prevent Man-in-the-Middle (MITM) attacks, as an attacker will not be able to use forged certificates.

  • If this check is marked as 'RISK', we recommend that you consider implementing an HTTP Public Key Pinning (HPKP) header, recognising that it can be difficult to do so.

Referrer Policy

  • The Referrer Policy instructs the browser when a ‘Referer’ header should be sent and what information the header should include. The lack of a Referrer Policy may result in unintended disclosure of sensitive information contained within a URL.

  • If this check is marked as 'RISK', we recommend that you implement an HTTP Referrer Policy header.
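As an added example (not the platform's own grading code), the following assesses a constructed set of HTTP response headers against the seven header checks above, from Strict Transport Security through Referrer Policy. The six-month HSTS max-age bar and the rule that a CSP allowing 'unsafe-inline' or wildcard script sources counts as RISK are assumed grading thresholds, not the platform's; the sample headers are constructed.

```python
import re
# Constructed sample response headers (HTTP header names are case-insensitive).
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=60",
    "X-Frame-Options": "ALLOWALL",
    "x-content-type-options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

def _get(headers, name):
    return next((v.strip() for k, v in headers.items() if k.lower() == name.lower()), None)

def check_hsts(value):
    """RISK when missing or when max-age is below six months (assumed grading bar)."""
    m = re.search(r"max-age=(\d+)", value or "", re.I)
    if not m or int(m.group(1)) < 15552000:
        return "RISK", f"HSTS missing or max-age too short: {value!r}"
    return "OK", "HSTS present"

def check_frame_options(value):
    if value is None or value.upper() not in ("DENY", "SAMEORIGIN"):
        return "RISK", f"X-Frame-Options missing or permissive: {value!r}"
    return "OK", "framing restricted"

def check_csp(value):
    if value is None:
        return "RISK", "Content-Security-Policy missing"
    directives = {d.split()[0]: d.split()[1:] for d in value.split(";") if d.strip()}
    script_src = directives.get("script-src", directives.get("default-src", []))
    if "'unsafe-inline'" in script_src or "*" in script_src:
        return "RISK", "CSP script-src permits inline or wildcard scripts"
    return "OK", "CSP restricts script sources"

SIMPLE_CHECKS = {  # header name -> predicate that accepts its value
    "X-XSS-Protection": lambda v: v is not None and v.startswith("1"),
    "X-Content-Type-Options": lambda v: (v or "").lower() == "nosniff",
    "Public-Key-Pins": lambda v: v is not None,  # HPKP is no longer honoured by major browsers
    "Referrer-Policy": lambda v: v is not None and v.lower() != "unsafe-url",
}

def assess_headers(headers):
    """Return {check name: (status, reason)} for every header check on the page."""
    results = {"Strict-Transport-Security": check_hsts(_get(headers, "Strict-Transport-Security")),
               "X-Frame-Options": check_frame_options(_get(headers, "X-Frame-Options")),
               "Content-Security-Policy": check_csp(_get(headers, "Content-Security-Policy"))}
    for name, accepted in SIMPLE_CHECKS.items():
        results[name] = ("OK", "present") if accepted(_get(headers, name)) else ("RISK", f"{name} missing or weak")
    return results
```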

Secure Mail Server

  • This check determines whether mail servers for your Email Domain (or Primary Domain if an Email Domain was not provided) support the use of SSL/TLS encryption for email traffic. The lack of support for email traffic encryption increases the risk of attackers being able to read and modify email traffic for the domain.

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you enable the use of SSL/TLS for email traffic.

SSL/TLS Vulnerabilities

  • This check determines whether any services exposed on identified subdomains are using SSL/TLS libraries with known vulnerabilities, potentially exposing service traffic to interception or manipulation by an appropriately placed attacker. These vulnerabilities range in severity from the severe (Heartbleed) to the common (BREACH). Details of how these are handled and how an overall grade is determined are provided at https://help.securitycolony.com

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you reconfigure or update SSL/TLS as appropriate to address the identified vulnerabilities.

Certificate Status

  • This check determines whether there are any issues with the SSL certificates used to identify services exposed by hosts on your identified subdomains. Some of these issues could potentially be used by a sufficiently resourced attacker to impersonate these services. The check identifies the presence of issues related to key lengths, certificate chaining, timestamps and revocation status. Details of how these are handled and how an overall grade is determined are provided at https://help.securitycolony.com

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you resolve the identified issues by re-issuing secure certificates as appropriate.

SSL/TLS security enhancements

  • This check determines whether services exposed by hosts on your identified subdomains implement additional SSL/TLS protective measures that further improve the security of service traffic. Details of how these are handled and how an overall grade is determined are provided at https://help.securitycolony.com

  • If this check is marked as ‘RISK’ and this is your domain, we recommend that you consider implementing these additional protections where possible to further improve the resilience of service traffic to interception or tampering attempts.

Email Enumeration

  • This check determines whether any email addresses for your Email Domain (or Primary Domain if an Email Domain was not provided) are listed by the hunter.io service. Email addresses easily discovered in this manner could be used for phishing attacks against your organization.

  • This issue is not itself a risk; however if the findings here are a concern, then we recommend that you provide additional phishing awareness training to your employees.

Subdomain Enumeration

  • This check determines whether any subdomains have been found using the "sublist3r" subdomain enumeration tool. Subdomains could potentially point to vulnerable or otherwise interesting systems that are not intended to be accessed by normal users, but are nonetheless discoverable.

  • This issue is not itself a risk; however if the findings here are a concern, then we recommend that you review the discovered subdomains to ensure that nothing sensitive is being exposed.

Map of subdomain locations

  • This map provides the physical locations of all identified subdomain servers, based on geo-location information.

  • This issue is not itself a risk; however if servers appear to exist in countries where you aren't expecting them, this is worth investigating.