The Scoring module evaluates a website's overall security grade. The assessment is based on the OWASP standard, and the results may appear subjective. At the beginning of the scan, each resource is assumed to be 100% secure. Whenever the module detects a discrepancy at one of the checkpoints, it subtracts a percentage from the total score in proportion to the significance of the risk.
Currently, there are 13 checkpoints. They are:
SSL - Checks for the validity of the SSL certificate.
CMS - Checks for obsolete CMS versions and for CVEs affecting the detected CMS.
Malware - Scans the resources for well-known malware such as worms, trojans, viruses, etc.
Security.txt - Checks for compliance with the security.txt standard.
Defacement - Checks for traces of injected defacement.
JS components - Checks for obsolete versions of JS libraries and for CVEs affecting the detected library versions.
HTTP methods - Checks for support for insecure HTTP methods.
Robots.txt - Checks for the presence of robots.txt.
Web Application Firewall (WAF) - Checks for the presence of WAF.
Open ports - Checks for the presence of open ports.
Secure Cookies - Checks for the presence of cookies and the security of cookie settings.
HTTP Security Headers & CSP - Checks for the presence of secure HTTP headers and the validity of the settings of the detected headers.
Email Leakage - Checks for email leaks.
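An added sketch of the subtract-from-100 model applied to two of the checkpoints above (Secure Cookies and HTTP Security Headers & CSP). It is not the module's own code: the penalty values, the list of required headers and all function names are assumptions, since the page does not publish them, and the response headers are constructed sample data.

```python
from http.cookies import SimpleCookie

# Hypothetical penalties in percentage points; the real weights are not published.
PENALTIES = {"missing_header": 5, "weak_csp": 5, "insecure_cookie": 10}
# Assumed set of headers the checkpoint expects (lower-cased for comparison).
REQUIRED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options")

def check_headers(headers):
    """Findings for the 'HTTP Security Headers & CSP' checkpoint."""
    present = {k.lower(): v for k, v in headers}
    findings = [("missing_header", h) for h in REQUIRED_HEADERS if h not in present]
    csp = present.get("content-security-policy", "")
    # A CSP that is present but allows inline or eval'd script is an invalid setting.
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(("weak_csp", "unsafe-inline/unsafe-eval allowed"))
    return findings

def check_cookies(headers):
    """Findings for the 'Secure Cookies' checkpoint: one per weak cookie."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cname, morsel in jar.items():
            # Unset attributes are empty strings, so they are falsy here.
            missing = [a for a in ("secure", "httponly", "samesite") if not morsel[a]]
            if missing:
                findings.append(("insecure_cookie", f"{cname}: missing {', '.join(missing)}"))
    return findings

def score(headers):
    """Start at 100 and subtract a penalty per finding, never going below 0."""
    findings = check_headers(headers) + check_cookies(headers)
    total = 100 - sum(PENALTIES[kind] for kind, _ in findings)
    return max(total, 0), findings

# Constructed sample response headers (not from a real site).
SAMPLE = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    total, findings = score(SAMPLE)
    print(total, findings)
```

With these assumed weights the sample loses points for the missing X-Content-Type-Options header, the permissive CSP and the session cookie that lacks Secure and SameSite.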
It is important to note that the module only monitors website health and provides recommendations. It does not automatically fix the issues identified in the results, because of the high risk of damaging the website. Moreover, our system does not have access to change many of the configurations described in the module.
The module does not support on-demand scanning; it refreshes results once a week.