Base Security Level Only

Web Security Map monitors a range of modern security standards. They are required for operating an internet service securely. Many of these are mandated by governments and standards bodies worldwide.

For example: when visiting a website, a secure (HTTPS) connection is needed to ensure integrity and privacy.

Web Security Map is intended for public installation and visibility: allowing everyone in the world to see results. This creates accountability. Because of the public nature of Web Security Map, there are limitations in its capabilities.

Transparency comes with responsibility: Web Security Map only explicitly scans and publishes information that does not increase risk. The data published with Web Security Map gives a first impression of an organization's risk monitoring, handling and mitigation.

Scanned and published

Security Standard | Technology | Max. Severity
DNSSEC | DNS | High
TLS Encryption Quality | HTTP / TLS | High
Trust in TLS Certificate | HTTP / TLS | High
Websites without TLS | HTTP / TLS | High
Unencrypted File Transfer | FTP / auth | High
Encrypted Mail Transport | Mail / TLS | High
SPF Record | Mail / DNS | Medium
DKIM Record | Mail / DNS | Medium
DMARC Record | Mail / DNS | Medium
Strict Transport Security | HTTP | Medium
X-Frame-Options | HTTP | Medium
X-Content-Type-Options | HTTP | Low
X-XSS-Protection | HTTP | Low

Table of issues scanned for with Web Security Map

Out of scope

Transparency comes with responsibility. This means the following risks will not be scanned and publicly reported. These types are handled in Responsible Disclosure vulnerability programs.

Web Security Map does not scan or report on critical security risks such as:

SQL injection, Path Traversal, Vulnerable Versions (banner grabbing), Buffer Overflows, Weak passwords, Open Directories, Severe Misconfigurations, Missing Authentication, Permission Issues, Insecure Uploads and many others.