Knowledgebase
Not sure about the meaning of certain words? Look them up!
The knowledge base explains, in plain words, the terms and tests used on this platform.
About Knowledge Base
The Goal
The testing platform holds the tools and services that help organisations perform basic tests on their most commonly exposed infrastructure, starting with email and web servers. More tools will be added over time to increase the coverage of available tests.
Find out more here
Tests
Website Application Testing
After entering a website's domain name, we will test whether the website supports various modern Internet standards such as:
- Content Security Policy (CSP) header
- Cross-Origin Resource Sharing (CORS)
- HTTP Strict Transport Security (HSTS) header implementation
This platform provides a tool to verify that your server is reachable over a modern Internet address (IPv6).
This platform provides a tool to assess your web server's configuration, software versions and potential vulnerabilities.
- Parses and validates MX, SPF, and DMARC records
- Checks the presence and validity of DKIM public key
- Checks for DNSSEC deployment
- Lists name servers
- Checks for STARTTLS and TLS support on each mail server
File testing
The file testing module relies on the Pandora Analysis framework. Notable engines involved during the analysis are:
- VirusTotal
- Yara
- ClamAV
- msodde, a script to parse MS Office documents
Standards
HTTPS
HTTPS (HyperText Transfer Protocol Secure) is an encrypted version of the HTTP protocol. It uses SSL or TLS to encrypt all communication between a client and a server.
HSTS
HTTP Strict Transport Security lets a website inform the browser that it should never load the site over plain HTTP and should automatically convert every HTTP attempt into an HTTPS request instead. It consists of a single HTTP header, Strict-Transport-Security, sent by the server together with the resource.
DMARC and SPF
DMARC and SPF are protections against email phishing.
A DMARC record is a DNS TXT record that contains instructions for how a receiving email server should handle an email that fails authentication. Using DMARC records, you can control whether email receivers should reject, quarantine, or do nothing with a suspicious email.
The Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses during the delivery of an email.
Domain signature (DNSSEC)
The Domain Name System Security Extensions are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS).
DKIM
DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in email (email spoofing).
DKIM allows the receiver to check that an email which claims to come from a specific domain was indeed authorized by the owner of that domain.
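The DMARC, SPF and DKIM records described in the sections above are all published as DNS TXT records, and the email test on this platform parses and validates them. The following is an added example, not the platform's code, that checks constructed records of each kind: the DMARC policy and its tags, the SPF mechanisms with the DNS-lookup limit of RFC 7208, and the DKIM public-key tags. All record values are constructed; the DKIM key is a placeholder of zero bytes, not a real key, and the RSA size check is a rough length heuristic on the decoded key rather than a full DER parse.

```python
"""Check constructed DMARC, SPF and DKIM TXT records (added example)."""
import base64
import binascii
import ipaddress

DNS_LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: max DNS-lookup terms in one SPF evaluation


def parse_tags(txt: str) -> dict:
    """Split a 'tag=value; tag=value' record (DMARC and DKIM use this form)."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name.strip():
            tags[name.strip().lower()] = value.strip()
    return tags


def check_dmarc(txt: str) -> dict:
    tags = parse_tags(txt)
    findings = []
    if not txt.strip().startswith("v=DMARC1"):
        findings.append("record must begin with v=DMARC1")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("p tag missing or invalid; receivers will ignore the record")
        policy = None
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports will not be received")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        findings.append(f"pct must be 0-100, got {pct!r}")
    elif int(pct) < 100 and policy in ("quarantine", "reject"):
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
    return {"policy": policy, "findings": findings}


def check_spf(txt: str) -> dict:
    terms = txt.split()
    findings = []
    if not terms or terms[0].lower() != "v=spf1":
        return {"all": None, "lookups": 0, "findings": ["record must begin with v=spf1"]}
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        lower = term.lower()
        if lower.startswith("redirect="):
            lookups += 1
            continue
        if lower.startswith("exp="):
            continue
        qualifier = "+"
        if lower[0] in "+-~?":
            qualifier, lower = lower[0], lower[1:]
        name = lower.split(":", 1)[0].split("/", 1)[0]
        if name == "all":
            all_qualifier = qualifier
        elif name in ("include", "a", "mx", "ptr", "exists"):
            lookups += 1
            if name == "ptr":
                findings.append("ptr mechanism is deprecated and should not be used")
        elif name in ("ip4", "ip6"):
            value = lower.split(":", 1)[1] if ":" in lower else ""
            try:
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"invalid address in {term}")
        else:
            findings.append(f"unknown term {term}")
    if all_qualifier is None:
        findings.append("no 'all' term: unlisted hosts get a neutral result")
    elif all_qualifier == "+":
        findings.append("+all allows any host to pass SPF for this domain")
    elif all_qualifier == "?":
        findings.append("?all is neutral and gives no protection")
    if lookups > DNS_LOOKUP_LIMIT:
        findings.append(f"{lookups} lookup terms exceed {DNS_LOOKUP_LIMIT}; receivers return permerror")
    return {"all": all_qualifier, "lookups": lookups, "findings": findings}


def check_dkim(txt: str) -> dict:
    """Validate the tags of a DKIM key record; assumes multi-string TXT data was already joined."""
    tags = parse_tags(txt)
    findings = []
    if "v" in tags and tags["v"] != "DKIM1":
        findings.append("v tag present but not DKIM1")
    key_type = tags.get("k", "rsa")
    if key_type not in ("rsa", "ed25519"):
        findings.append(f"unsupported key type {key_type!r}")
    if "p" not in tags:
        findings.append("p tag missing: not a usable DKIM key record")
        return {"valid": False, "revoked": False, "key_bytes": 0, "findings": findings}
    if tags["p"] == "":  # RFC 6376: an empty p tag means the key is revoked
        findings.append("empty p tag: the key has been revoked")
        return {"valid": False, "revoked": True, "key_bytes": 0, "findings": findings}
    try:
        key = base64.b64decode(tags["p"], validate=True)
    except (binascii.Error, ValueError):
        findings.append("p tag is not valid base64")
        return {"valid": False, "revoked": False, "key_bytes": 0, "findings": findings}
    # Heuristic: a 2048-bit RSA SubjectPublicKeyInfo is 294 bytes, a 1024-bit one 162 bytes.
    if key_type == "rsa" and len(key) < 270:
        findings.append("RSA key looks shorter than 2048 bits")
    return {"valid": True, "revoked": False, "key_bytes": len(key), "findings": findings}


# Constructed sample records; the DKIM key is a zero-byte placeholder, not a real key.
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100"
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.example.net mx -all"
WEAK_SPF = "v=spf1 a mx ptr +all"
PLACEHOLDER_KEY = base64.b64encode(b"\x00" * 294).decode()
SAMPLE_DKIM = f"v=DKIM1; k=rsa; p={PLACEHOLDER_KEY}"
REVOKED_DKIM = "v=DKIM1; k=rsa; p="

if __name__ == "__main__":
    for record, checker in ((SAMPLE_DMARC, check_dmarc), (SAMPLE_SPF, check_spf),
                            (WEAK_SPF, check_spf), (SAMPLE_DKIM, check_dkim)):
        print(checker(record))
```

In practice the records come from a DNS lookup of `_dmarc.<domain>`, the domain apex, and `<selector>._domainkey.<domain>` respectively; the checks here only cover the syntax and the policy choices a receiver acts on, not the signature verification that happens on each message.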