Presentation for the Client
7
Web Software Outdated
5
Web Software Vulnerabilities
0
Fingerprinted CMS & Vulnerabilities
No CMS were fingerprinted on the website.
Information
The component is outdated. No known security vulnerabilities found. Update to the most recent version 3.7.1.
Bootstrap 4.5.2
The component is outdated. No known security vulnerabilities found. Update to the most recent version 4.6.2.
Core-js 3.0.0—3.11.0
The component is outdated. We fingerprinted several possible versions of the component due to slow speed of the web server or modifications in the component code. Current most recent version is 3.32.1.
Popper-core 1.16.1
The component is outdated. No known security vulnerabilities found. Update to the most recent version 2.11.8.
Bluebird 3.3.4
The component is outdated. No known security vulnerabilities found. Update to the most recent version 3.7.2.
Pdfh5 1.4.5
Owlcarousel2 2.3.4
The fingerprinted component version is up2date, no security issues were found.
PRIVACY POLICY
Privacy Policy was found on the website.
Good configuration
WEBSITE SECURITY
No publicly known vulnerabilities were found in the website CMS or its components.
Good configuration
TLS ENCRYPTION
HTTPS encryption is missing or has known security weaknesses or misconfigurations.
Misconfiguration or weakness
COOKIE PROTECTION
No cookies with personal or tracking information seem to be sent.
Information
COOKIE DISCLAIMER
No third-party cookies or cookies with tracking information seem to be sent.
Information
PCI DSS Compliance Test
If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may apply:
REQUIREMENT 6.2
Website CMS or its components seem to be outdated. Check for available updates.
Misconfiguration or weakness
REQUIREMENT 6.5
No publicly known vulnerabilities seem to be present in the fingerprinted versions of the website CMS and its components.
Good configuration
REQUIREMENT 6.6
The website seems to be protected by a WAF. Review its logs and configuration on a periodic basis.
Good configuration
Misconfiguration or weakness
Misconfiguration or weakness
Server
Server: Apache/2.4.41 (Ubuntu)
X-Frame-Options
X-Content-Type-Options
Access-Control-Allow-Origin
Misconfiguration or weakness
Good configuration
ED HTTP HEADERS
AL HTTP HEADERS
Permissions-Policy
Dark Web Security Incidents
4,213 ISSUES FOUND
Phishing Websites and Pages
NOTHING FOUND
Cybersquatting Domain Names
NOTHING FOUND
Typosquatting Domain Names
NOTHING FOUND
Dark Web Exposure
ground marketplaces, IRC channels, paste websites
share stolen data:
Phishing Websites and Pages
Compliance Test
COMPLIANT
Compliance Test
COMPLIANT
Compliance Test
COMPLIANT
External
Content Security
NOT FOUND
External
Content Security
NOT FOUND
SSL Certificate Analysis
RSA CERTIFICATE INFORMATION
Issuer DigiCert Cloud Services CA-1
Trusted Yes
Common Name mail.protection.outlook.com
Key Type/Size RSA 2048 bits
Serial Number 20898729376885947895353361944261793688
Signature Algorithm sha256WithRSAEncryption
CERTIFICATE CHAIN
Root CA
Type/Size
Serial Number
Signature
SHA256
PIN
Expires in
Comment
Server mail.protection.outlook.com
certificate
Signature sha256WithRSAEncryption
SHA256 e3679183131fab1042…5e750f7ea341664065
PIN e491lOAI+G4yWs4XJw…Idwd0Kta/1QWWj7es=
Comment -
PCI DSS Compliance Test
Reference: PCI DSS 3.2.1, Requirements 2.3 and 4.1
CERTIFICATES ARE TRUSTED
All the certificates provided by the server are trusted.
SUPPORTED CIPHERS
List of all cipher suites supported by the server:
TLSV1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_
TLS_RSA_WITH_AES_128_CBC_SHA
SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server:
Good configuration
HIPAA and NI
Reference: HIPAA, Security Rule (Ref. NIST SP 800-52: “Guidelines for the Selection and Use of TLS Implementations”)
X.509 CERTIFICATES ARE IN VERSION 3
All the X509 certificates provided by the server are in version 3.
SERVER SUPPORTS OCSP STAPLING
Good configuration
SUPPORTED CIPHERS
List of all cipher suites supported by the server:
TLSV1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_
TLS_RSA_WITH_AES_128_CBC_SHA
SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server:
Good configuration
TLSv1.2
mail.eo.outlook.com, DNS:*.mail.protection.outlook.com,
outlook.com, DNS:*.olc.protection.outlook.com, DNS:*.pamx1.hotmail.com, DNS:*.mail.protection.outlook.de,
Yes
10944719598952040374951832963794454346
sha1WithRSAEncryption
4348a0e9444c78cb26…257f8934a443c70161
r/mIkG3eEpVdm+u/ko…1bk4TyHIlByibiA5E=
2,988 days
Self-signed
PCI DSS Compliance Test
Not vulnerable
Not vulnerable
Not vulnerable
Not vulnerable
Not vulnerable
Not vulnerable
INSECURE RENEGOTIATION
Good configuration
Not vulnerable
Not vulnerable
Not vulnerable
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
Good configuration
SUPPORTED ELLIPTIC CURVES
List of all elliptic curves supported by the server:
Good configuration
Good configuration
Information
EC_POINT_FORMAT EXTENSION
The server does not send the EC_POINT_FORMAT TLS extension that allows a client to enumerate th
TLSv1.2
Good configuration
TLS compression is not supported by the server.
Information
Information
f TLS protocol.