Demystifying Our Website Security Reports

TLDR; You can download an example of our website security reports in PDF and XLSX formats.

Today we want to provide you with a quick overview of the deliverables that we produce for you when you purchase an expert website security report for your website/web application.

What Is Your Process?

Once you enter your website address in our website checkup portal and click on the "Check" button, our platform starts running the following tasks in the background:

1. Verify that the requested web address is valid.
2. Verify that the requested website is online.
3. Fetch a copy of the latest security report of the website in question from our cache.
4. In case we don't have any history for the website in question, or the user explicitly requested a new security scan by marking the checkbox below the search box, then we start the generation of a security report for your website.

Which Data Points Do You Collect?

When we initiate the generation of a new website security report for your website, we check and collect the following data points:

1. Domain Name
   We use more than 10 data sources to collect the following data about your website’s domain name: Registrar, Name Servers, Registration Date, and Expiration Date. On top of that, we also collect data about malware infections related to your domain name.

2. IP Address
   We use more than 10 data sources to collect the following data about your website’s IP address: IP Address, ISP, and Country. On top of that, we also collect data about malware infections related to your IP address.

3. Subdomains
   We use more than 10 data sources to collect a list of subdomains related to your website’s domain name.
   
   
4. Leaked Passwords
   We check more than 600 data sources of leaked and exposed information across the Dark Web to locate any credentials related to your website’s domain name (e.g., email addresses, usernames, passwords, etc.).
   
   
5. Email Security
   We review the DNS records of your domain for email-related records and protocols (MX, SPF, and DMARC). We also run diagnostics to detect any misconfigurations in these records and protocols.

6. SSL Information
   We review the SSL certificate of your website and run diagnostics to detect any SSL-related vulnerabilities and misconfigurations.
   
   
7. Open Ports
   We check and collect data about open ports and the listening services on your website’s hosting server.
   
   
8. Vulnerabilities
   We check and collect data about application-related security vulnerabilities on your website/web application.

How Do You Produce Mitigation Recommendations?

Once we collected the data points mentioned above, we start the analysis and generation of tailored mitigation recommendations. We use a proprietary ML-based matching algorithm to match between each security finding and its relevant mitigation recommendation, including the grouping of similar findings by context, to provide you with the most effective plan to improve the security of your website/web application.

Can You Provide Sample Reports?

We welcome you to review our sample reports for the website “http://hooli.xyz/”:

1. PDF Report - This PDF file includes a high-level summary of our findings and mitigation recommendations.
   
2. XLSX Report - This XLSX file (Excel) includes a detailed overview of all the technical findings and mitigation recommendations.

Where Can I Check My Website?

Browse now to our website checkup portal, enter your website address and click on the "Check" button, our platform will make sure that your website is as secure as your customers expect it to be. Stay safe online!