A website is the cover letter of a company on the Internet. In other words, it is the door through which customers are received and the corporate image is transmitted, generating a first impression on the customer that can be more or less positive depending on their experience on the website visited.
Companies consider that having a well-structured site, with an attractive design and well positioned in search engines, is important to reach customers, but sometimes a parameter as important as security is not taken into account.
Therefore, security should come first in the pyramid, since we must not forget that we work with sensitive information that can be stolen, with serious financial and reputational consequences for the company and our clients. A website that does not inspire trust will result in a negative experience that will generally have an economic impact on the company, as well as on the perception that users have of it (reduction in sales, negative image, security incidents, fines for non-compliance with the law, etc.).
Security Analysis Of A Website
We have made a selection of free tools based on their popularity, efficiency, and reliability. These tools are grouped into the following categories:
- Certificates (HTTPS)
- Analysis of known vulnerabilities
- Web reputation
- Mailing blacklists.
Let’s see below what each category consists of and what utilities we can use.
Currently, a web certificate is a requirement for a website to be considered secure.
There are several types of certificates available for this function, but we should have an SSL certificate on our website that verifies, at least, that we are the owners of the site.
If we have high visitor traffic and the budget allows it, we can use the most secure and reliable certificate currently available, called EV SSL (extended validation certificate). It is so called because the verifications carried out by the certifying authority are more specific and require more information from the company, which means that obtaining one takes a few days and not a few minutes. These certificates validate that the company is who it claims to be, in addition to verifying ownership of the domain, so the guarantee is twofold.
Remember that certificates for websites also allow us to improve the positioning of our website.
We can obtain these certificates from recognized certifying authorities on the Internet, or through our domain provider, who will carry out the pertinent steps as an intermediary between the company and the certifying authority or CA.
Through these tools we can verify whether the certificate is correctly installed and, therefore, whether visitors access our website safely (HTTPS TLS 1.3), the type of encryption that is applied, the period of validity or expiration, and even whether the certificate chain is correct, since in many cases the certificate used by a website is issued by an intermediate certificate authority and not by a main certification authority, or "root CA" as it is known in English.
In other words, if our website is secure, visitors will see a padlock in the address bar of their browser, indicating that the page has passed the security controls of a certifying authority and that, therefore, their information is encrypted and cannot be deciphered by third parties, giving them confidence in the website and in the corporate image.
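The checks listed above (chain up to a root CA, TLS version, cipher, validity period) can also be scripted. The following Python code is an added example, not one of the tools the article refers to; the 30-day expiry threshold, the function names and the sample certificate data are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def days_until_expiry(cert, now=None):
    """Whole days before the certificate's notAfter date (negative once expired)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def issuer_name(cert):
    """Flatten getpeercert()'s nested issuer tuples; prefer the CA's common name."""
    fields = dict(pair for rdn in cert["issuer"] for pair in rdn)
    return fields.get("commonName") or fields.get("organizationName", "unknown")

def findings(report, min_days=30):
    """List the problems in a report; an empty list means none were found."""
    if not report["chain_ok"]:
        return ["chain or hostname verification failed: " + report["error"]]
    out = []
    if report["protocol"] != "TLSv1.3":
        out.append("negotiated " + report["protocol"] + " instead of TLS 1.3")
    if report["days_left"] < min_days:  # assumed threshold, adjust to your renewal cycle
        out.append("certificate expires in %d days" % report["days_left"])
    return out

def check_site(host, port=443, timeout=5):
    """Connect as a browser would: verify the chain up to a trusted root and the hostname."""
    ctx = ssl.create_default_context()  # system root store, hostname check enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"chain_ok": True, "error": "", "protocol": tls.version(),
                        "cipher": tls.cipher()[0], "issuer": issuer_name(cert),
                        "days_left": days_until_expiry(cert)}
    except ssl.SSLCertVerificationError as exc:
        # Typical causes: missing intermediate, expired or self-signed certificate, wrong hostname.
        return {"chain_ok": False, "error": exc.verify_message}

# Constructed sample in the shape returned by getpeercert(); not a real certificate.
SAMPLE_CERT = {
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "issuer": ((("organizationName", "Example Trust"),), (("commonName", "Example Intermediate CA"),)),
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live check: python check_cert.py www.example.com
        report = check_site(sys.argv[1])
        print(report, findings(report))
    else:  # offline demonstration on the constructed sample
        print(issuer_name(SAMPLE_CERT), days_until_expiry(SAMPLE_CERT), "days left")
```

A failed verification is reported rather than bypassed, so a server that omits its intermediate certificate shows up as a chain error here even if some browsers would silently fetch the missing certificate.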
Web Reputation Analysis And Secure Site Verification
A good reputation keeps positioning clear and fluid, so that search engines place the website in the first positions of their results. It also avoids blocking by Internet DNS servers, and users will be able to reach the corporate website through searches related to the brand, the sector or the products or services offered.
Reputation on the Internet is not only based on the opinions or criticisms received towards the company from customers, but also on the quality of search engine positioning, the type of traffic received and the presence in social networks, among other things.
In addition, other factors are also taken into account, such as how long the domain has been registered, whether it has suffered malware attacks and appears on the lists used by antimalware and antispam software, the use of email, the IPs that visit the domain, whether it is under suspicion of attacks, etc.
Other factors that influence reputation are whether the server where the website is hosted contains viruses and is sending infected emails, whether the IP used by the domain has been used to send spam before, or even whether a computer on the corporate network is found to be infected and sending mass emails.
Each tool analyzes a series of parameters and establishes a reputation value. These values are really indicative and allow you to know if the website is having problems of any kind that would prevent visitors from accessing it or if it has been a victim of phishing or is sending spam via email.
Mailing Blacklists
If our web domain is on a blacklist, it means that it has been or is being used to send spam emails, that is, mass mailings of advertising emails.
For security reasons, both Internet and domain providers usually block this type of behavior and limit the maximum number of messages that an email address can send daily. The limit is almost always high enough to avoid problems (500 or more messages per day in some cases). In case of having to carry out mail-marketing campaigns
Currently, most browsers use Google Safe Browsing, that is, Google scans web pages every day for unsafe sites. Therefore, if our website is considered unsafe, it may be a sign that it contains malware or spam.
At this point, if our site is listed as containing malware, we must raise all the alarms and try to resolve the incident quickly, suspending the service if the seriousness of the situation requires it, since it could put at risk all the information of our website, company and customers.
We must bear in mind that the results of these websites may not be conclusive. As an alternative measure, if we want to obtain a more reliable result, we can analyze the contents of our website with antivirus software. To do this, we would download the 'public_html' folder to a computer through an FTP client and scan its content. If it were infected, the antivirus would perform the cleaning and we could upload the content back to our website completely clean.
The security of information in the company depends on good practices, on our interest and responsibility to remain safe and protect our clients, thus providing a quality service. Promoting security on our website not only attracts more customers, it also avoids problems and therefore reduces the economic and reputational costs of our business.
Remember to always do the checks with more than one tool to have different points of view. The security of your website is a primary responsibility in the company. Review it often and remember that the best defense is prevention and awareness.
The tools shown here have been tested by INCIBE and correspond to verified web pages (https).