Web Software Security Test

Web Software Found: 7
Web Software Outdated: 5
Web Software Vulnerabilities: 0

FINGERPRINTED CMS & VULNERABILITIES
No CMS were fingerprinted on the website. [Information]

FINGERPRINTED CMS COMPONENTS & VULNERABILITIES

jQuery 3.6.0
The component is outdated. No known security vulnerabilities found. Update to the most recent version 3.7.1.

Bootstrap 4.5.2
The component is outdated. No known security vulnerabilities found. Update to the most recent version 4.6.2.

Core-js 3.0.0–3.11.0
The component is outdated. We fingerprinted several possible versions of the component due to slow speed of the web server or modifications in the component code. Current most recent version is 3.32.1.

Popper-core 1.16.1
The component is outdated. No known security vulnerabilities found. Update to the most recent version 2.11.8.

Bluebird 3.3.4
The component is outdated. No known security vulnerabilities found. Update to the most recent version 3.7.2.

Pdfh5 1.4.5
The fingerprinted component version is up to date; no security issues were found.

Owlcarousel2 2.3.4
The fingerprinted component version is up to date; no security issues were found.

GDPR Compliance Test

If the website processes or stores personal data of EU residents, the following requirements of the EU GDPR may apply:

PRIVACY POLICY
Privacy Policy was found on the website. [Good configuration]

WEBSITE SECURITY
No publicly known vulnerabilities were found in the website CMS or its components. [Good configuration]

TLS ENCRYPTION
HTTPS encryption is missing or has known security weaknesses or misconfigurations. [Misconfiguration or weakness]

COOKIE PROTECTION
No cookies with personal or tracking information seem to be sent. [Information]

COOKIE DISCLAIMER
No third-party cookies or cookies with tracking information seem to be sent. [Information]

PCI DSS Compliance Test

If the website falls into a CDE (Cardholder Data Environment) scope, the following Requirements of PCI DSS may apply:

REQUIREMENT 6.2
Website CMS or its components seem to be outdated. Check for available updates. [Misconfiguration or weakness]

REQUIREMENT 6.5
No publicly known vulnerabilities seem to be present in the fingerprinted versions of the website CMS and its components. [Good configuration]

REQUIREMENT 6.6
The website seems to be protected by a WAF. Review its logs and configuration on a periodic basis. [Good configuration]

HTTP Headers Security

Some HTTP headers related to security and privacy are missing or misconfigured. [Misconfiguration or weakness]

MISSING REQUIRED HTTP HEADERS / MISSING OPTIONAL HTTP HEADERS
Headers reported missing:
X-Frame-Options
X-Content-Type-Options
Access-Control-Allow-Origin
Permissions-Policy

SERVER
The web server discloses its version, potentially facilitating further attacks against it. [Misconfiguration or weakness]
Server: Apache/2.4.41 (Ubuntu)

Content Security Policy Test

CONTENT-SECURITY-POLICY
The header was not sent by the server. [Misconfiguration or weakness]

Cookies Privacy and Security Analysis

No cookies were sent by the web application. [Good configuration]

External Content Privacy and Security Analysis

No external content found on tested page.
Dark Web Security Incidents: 4,213 ISSUES FOUND
Phishing Websites and Pages: NOTHING FOUND
Cybersquatting Domain Names: NOTHING FOUND
Typosquatting Domain Names: NOTHING FOUND
Fake Accounts in Social Media: NOTHING FOUND

Dark Web Exposure

Findings on the Dark Web including various hacking forums, underground marketplaces, IRC channels, paste websites and other resources where cybercriminals usually trade, advertise or share stolen data:
No mentions (e.g. stolen credentials) detected on the Dark Web

Potential Phishing Websites and Pages

Potential Cybersquatting Domain Names

No cybersquatting domains found

Potential Typosquatting Domain Names

No cybersquatting domains found

Potential Fake Social Media Accounts

No squatted social network accounts found
SSL Security Test 25 (SMTP)

PCI DSS Compliance Test: COMPLIANT
HIPAA and NIST Compliance Test: COMPLIANT
Industry Best Practices Test: COMPLIANT
External Content Security: NOT FOUND

The tested service seems to be SMTP.
SSL Certificate Analysis

RSA CERTIFICATE INFORMATION
Issuer: DigiCert Cloud Services CA-1
Trusted: Yes
Common Name: mail.protection.outlook.com
Key Type/Size: RSA 2048 bits
Serial Number: 20898729376885947895353361944261793688
Signature Algorithm: sha256WithRSAEncryption
Subject Alternative Names: DNS:mail.protection.outlook.com, DNS:*.mail.eo.outlook.com, DNS:*.mail.protection.outlook.com, DNS:mail.messaging.microsoft.com, DNS:outlook.com, DNS:*.olc.protection.outlook.com, DNS:*.pamx1.hotmail.com, DNS:*.mail.protection.outlook.de, DNS:*.mx.microsoft
Transparency: Yes
Validation Level: OV
CRL: http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl
OCSP: http://ocspx.digicert.com
OCSP Must-Staple: No
Supports OCSP Stapling: Yes
Valid From: August 01, 2023 01:00 CET
Valid To: August 01, 2024 00:59 CET

CERTIFICATE CHAIN

Root CA: DigiCert Global Root CA
Type/Size: RSA 2048 bits
Serial Number: 10944719598952040374951832963794454346
Signature: sha1WithRSAEncryption
SHA256: 4348a0e9444c78cb26…257f8934a443c70161
PIN: r/mIkG3eEpVdm+u/ko…1bk4TyHIlByibiA5E=
Expires in: 2,988 days
Comment: Self-signed

Intermediate CA: DigiCert Cloud Services CA-1
Type/Size: RSA 2048 bits
Serial Number: 2153541150232352990208412671116695671
Signature: sha256WithRSAEncryption
SHA256: 2f6889961a7ca7067e…78e23a1978d2f133d3
PIN: UgpUVparimk8QCjtWQ…rykc/L8N66EhFY3VE=
Expires in: 2,526 days
Comment: -

Server certificate: mail.protection.outlook.com
Type/Size: RSA 2048 bits
Serial Number: 20898729376885947895353361944261793688
Signature: sha256WithRSAEncryption
SHA256: e3679183131fab1042…5e750f7ea341664065
PIN: e491lOAI+G4yWs4XJw…Idwd0Kta/1QWWj7es=
Expires in: 331 days
Comment: -

PCI DSS Compliance Test
Reference: PCI DSS 3.2.1, Requirements 2.3 and 4.1

CERTIFICATES ARE TRUSTED
All the certificates provided by the server are trusted.

SUPPORTED CIPHERS
List of all cipher suites supported by the server: [Good configuration]
TLSv1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server: [Good configuration]
TLSv1.2

SUPPORTED ELLIPTIC CURVES
List of all elliptic curves supported by the server: [Good configuration]
P-384 (secp384r1) (384 bits)
P-256 (prime256v1) (256 bits)

POODLE OVER TLS
The server is not vulnerable to POODLE over TLS. [Not vulnerable]

GOLDENDOODLE
The server is not vulnerable to GOLDENDOODLE. [Not vulnerable]

ZOMBIE POODLE
The server is not vulnerable to Zombie POODLE. [Not vulnerable]

SLEEPING POODLE
The server is not vulnerable to Sleeping POODLE. [Not vulnerable]

0-LENGTH OPENSSL
The server is not vulnerable to 0-Length OpenSSL. [Not vulnerable]

CVE-2016-2107
The server is not vulnerable to CVE-2016-2107. [Not vulnerable]

SERVER DOES NOT SUPPORT CLIENT-INITIATED INSECURE RENEGOTIATION
The server does not support client-initiated insecure renegotiation. [Good configuration]

ROBOT
The server is not vulnerable to the ROBOT vulnerability. [Not vulnerable]

HEARTBLEED
The server version of OpenSSL is not vulnerable to the Heartbleed attack. [Not vulnerable]

CVE-2014-0224
The server is not vulnerable to CCS Injection. [Not vulnerable]

CVE-2021-3449
[Not vulnerable]

HIPAA and NIST Compliance Test
Reference: HIPAA, Security Rule (Ref. NIST SP 800-52: “Guidelines for the Selection and Use of TLS Implementations”)

X.509 CERTIFICATES ARE IN VERSION 3
All the X.509 certificates provided by the server are in version 3.

SERVER SUPPORTS OCSP STAPLING
[Good configuration]

SUPPORTED CIPHERS
List of all cipher suites supported by the server: [Good configuration]
TLSv1.2: the same twelve cipher suites listed under the PCI DSS Compliance Test above.

SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server: [Good configuration]
TLSv1.2

SUPPORTED ELLIPTIC CURVES
List of all elliptic curves supported by the server: [Good configuration]
P-384 (secp384r1) (384 bits)
P-256 (prime256v1) (256 bits)

SERVER DOES NOT SUPPORT TLSV1.3
Consider enabling support of the TLSv1.3 protocol, which is considered to be the most secure and stable version of the TLS protocol. [Information]

SERVER DOES NOT SUPPORT SERVER NAME INDICATION
The server does not support Server Name Indication (SNI) extension for [Information]

EC_POINT_FORMAT EXTENSION
The server does not send the EC_POINT_FORMAT TLS extension that allows a client to enumerate th

Industry Best Practices Test

DNS CAA
This domain has a Certification Authority Authorization (CAA) record. [Good configuration]
issue: microsoft.com
digicert.com
issue: entrust.net
issue: globalsign.com
issue:

CERTIFICATES DO NOT PROVIDE EV
The RSA certificate provided is NOT an Extended Validation (EV) certificate. [Information]

SERVER DOES NOT SUPPORT TLSV1.3
Consider enabling support of the TLSv1.3 protocol, which is considered to be the most secure and stable version of the TLS protocol. [Misconfiguration or weakness]

SERVER HAS CIPHER PREFERENCE
The server enforces cipher suite preference. [Good configuration]

SERVER PREFERRED CIPHER SUITES
Preferred cipher suite for each protocol supported (except SSLv2). The expected configuration is ciphers allowed by PCI DSS and enabling PFS: [Good configuration]
TLSv1.2: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

SERVER PREFERS CIPHER SUITES PROVIDING PFS
[Good configuration]

SERVER DOES NOT SUPPORT CLIENT-INITIATED SECURE RENEGOTIATION
The server does not support client-initiated secure renegotiation. [Good configuration]

SERVER-INITIATED SECURE RENEGOTIATION
The server supports secure server-initiated renegotiation. [Good configuration]

SERVER DOES NOT SUPPORT TLS COMPRESSION
TLS compression is not supported by the server. [Good configuration]

External Content Privacy and Security Analysis

No external content found on tested page.