I was reviewing the RSAC 2020 Innovation Sandbox finalists and wondering what level of security they had implemented for protecting their own sites – that is, whether they “walk the talk”.
Checks were performed using the following publicly available services against the respective companies' home pages.
Web SSL Server | @qualys | https://bit.ly/QS_Scan
The tests are not indicative of the security of the respective services or product offerings – they are simply a comparison of the level of attention given to the company web sites.
Overall – Securiti.AI was ranked #1, followed by Elevate Security #2, Inky #3, AppOmni #4, Sqreen #5, Obsidian #6, BluBracket #7, Tala Security #8, Vulcan Cyber #9 and ForAllSecure #10.
Note: the rank order differs slightly from the UpGuard score due to additional checks, essentially sorting left to right (best to worst) based on results.
Web Server (QS_Scan) – Most sites had implemented TLS (9/10), however some were still allowing TLS 1.1.
Browser Security (SH_Scan) – Few had implemented all of the security header options (STS, CSP, XFO, XCTO, RP, FP).
Only 1 (Securiti.AI) had fully implemented them.
Email security (FM_Scan) was less than ideal (considering phishing is a major threat vector), with only 2 having implemented DMARC with SPF (reject or quarantine).
DNS Security (DNSSEC) – Only 2/10 had implemented DNS Security.
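The browser-header and email findings above can be reproduced offline against captured headers and TXT records. The following is an added example, not code from the scanning services or the original post; the mapping of the post's abbreviations to header names (with FP taken as Feature-Policy, since renamed Permissions-Policy) and all sample data are assumptions constructed for illustration.

```python
# Assumed mapping of the post's abbreviations to HTTP response header names.
HEADERS = {
    "STS": "Strict-Transport-Security",
    "CSP": "Content-Security-Policy",
    "XFO": "X-Frame-Options",
    "XCTO": "X-Content-Type-Options",
    "RP": "Referrer-Policy",
    "FP": "Feature-Policy",
}

def missing_headers(response_headers):
    """Return abbreviations of the six headers absent from a response (names are case-insensitive)."""
    present = {name.lower() for name in response_headers}
    return [abbr for abbr, name in HEADERS.items() if name.lower() not in present]

def parse_tags(record):
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def email_protected(txt_records, dmarc_records):
    """True only if an SPF record exists and DMARC enforces quarantine or reject."""
    has_spf = any(r.lower().startswith("v=spf1") for r in txt_records)
    for record in dmarc_records:
        tags = parse_tags(record)
        if tags.get("v", "").upper() == "DMARC1":
            return has_spf and tags.get("p", "none").lower() in ("quarantine", "reject")
    return False

# Constructed sample: response headers of a partially hardened site.
SAMPLE_HEADERS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
# Constructed samples: TXT records at example.com and _dmarc.example.com.
SAMPLE_TXT = ["v=spf1 include:_spf.example.com -all"]
SAMPLE_DMARC_MONITOR = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]
SAMPLE_DMARC_ENFORCED = ["v=DMARC1; p=quarantine; pct=100"]

if __name__ == "__main__":
    print("missing headers:", missing_headers(SAMPLE_HEADERS))
    print("monitor-only DMARC protected:", email_protected(SAMPLE_TXT, SAMPLE_DMARC_MONITOR))
    print("enforced DMARC protected:", email_protected(SAMPLE_TXT, SAMPLE_DMARC_ENFORCED))
```

A domain that publishes DMARC with `p=none` is only monitoring, so it does not meet the "reject or quarantine" bar used in the comparison.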
DNS Security – Top 5 Threats, CloudFlare, Akamai, Imperva
Security Headers – OWASP / Hardening Guide