
Hardenize Website

TNTBOMBOM opened this issue 2 years ago · 1 comment

It's better for the visitors, as well as the users, to have a secure path/browsing experience when they use the Vitex website/repo.

So here are some useful scanners to show useful reports on where the issues are:

  • https://www.hardenize.com/report/vitexsoftware.cz/1627479787 (many missing features)
  • https://www.ssllabs.com/ssltest/analyze.html?d=www.vitexsoftware.cz&s=213.151.89.97 (B)
  • https://securityheaders.com/?q=www.vitexsoftware.cz&followRedirects=on (F)
  • https://observatory.mozilla.org/analyze/www.vitexsoftware.cz (F)

Important missing features/configs:

From ssllabs scanner:

https://www.ssllabs.com/ssltest/analyze.html?d=www.vitexsoftware.cz&s=213.151.89.97

We find:

  • Check certificate expiry

Valid until | Tue, 22 Jun 2021 15:34:45 UTC (expired 1 month and 5 days ago)   EXPIRED

  • Disable TLS 1.0 and 1.1 (deprecated), allow TLS 1.3
  • Disable weak ciphers
  • OCSP stapling missing
  • Hide the Nginx version (better practice)

From Hardenize scanner

https://www.hardenize.com/report/vitexsoftware.cz/1627479787

We find:

  • CAA (unless you are using a CDN or similar, then that's a different thing)

https://www.hardenize.com/report/vitexsoftware.cz/1627479787#domain_caa

  • Certificate doesn't match hostname

The provided certificate doesn't match the expected hostname.

Expected hostname: vitexsoftware.cz

https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_certs

  • PHPSESSID: missing HttpOnly, Secure, SameSite

https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_cookies

  • HSTS, HSTS preload missing

https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_hsts

  • CSP missing

https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_csp

  • Web app security headers

  • https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_xfo
  • https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_xxssp
  • https://www.hardenize.com/report/vitexsoftware.cz/1627479787#www_xcto

From securityheaders

https://securityheaders.com/?q=www.vitexsoftware.cz&followRedirects=on

We find:

Everything is missing :).


Thx!

TNTBOMBOM, Jul 28 '21 14:07
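The findings above (missing security headers, HSTS not preload-eligible, PHPSESSID without HttpOnly/Secure/SameSite, Nginx version in the Server header, expired certificate, certificate/hostname mismatch) can be re-checked offline before and after a fix is deployed. The script below is an added example written for this page; it is not code from the issue, from the scanners, or from the Vitex project. The response headers, Set-Cookie line, certificate names and dates it uses are constructed samples (hostnames and the SAN list are assumptions, not a real capture), and the preload thresholds are the ones published by hstspreload.org.

```python
# Added example (not from the issue or the Vitex project): offline checks that
# mirror what the scanners cited in the issue report. All inputs below are
# constructed samples; hostnames, headers and dates are assumptions.
import re
from datetime import datetime, timezone

# Response header -> short name, in the order the scanners list them.
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS",
    "content-security-policy": "CSP",
    "x-frame-options": "X-Frame-Options",
    "x-content-type-options": "X-Content-Type-Options",
    "referrer-policy": "Referrer-Policy",
}
PRELOAD_MIN_MAX_AGE = 31536000  # one year, the hstspreload.org minimum


def missing_headers(headers):
    """Return the short names of required response headers that are absent."""
    present = {k.lower() for k in headers}
    return [name for key, name in REQUIRED_HEADERS.items() if key not in present]


def hsts_issues(value):
    """Check an HSTS header value against the preload-list requirements."""
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    issues = []
    m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    if m is None:
        issues.append("max-age missing")
    elif int(m.group(1)) < PRELOAD_MIN_MAX_AGE:
        issues.append("max-age below %d" % PRELOAD_MIN_MAX_AGE)
    if "includesubdomains" not in directives:
        issues.append("includeSubDomains missing")
    if "preload" not in directives:
        issues.append("preload missing")
    return issues


def cookie_issues(set_cookie):
    """Parse one Set-Cookie header; return (cookie name, list of missing flags)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, [f for f in ("HttpOnly", "Secure", "SameSite") if f.lower() not in attrs]


def server_discloses_version(server_header):
    """True for 'nginx/1.18.0', False for a bare 'nginx' (server_tokens off)."""
    return re.search(r"/\d", server_header) is not None


def cert_expired(not_after, now):
    """Both datetimes must be timezone-aware."""
    return now > not_after


def hostname_matches(cert_names, hostname):
    """RFC 6125-style match: exact name, or a wildcard covering one left-most label."""
    host = hostname.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]  # ".example.cz"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
    return False


def audit(response, cert, now):
    """Aggregate the checks into one report for a response/certificate pair."""
    headers = response["headers"]
    hsts = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    return {
        "missing_headers": missing_headers(headers),
        "hsts": hsts_issues(hsts) if hsts else ["header missing"],
        "cookies": [cookie_issues(c) for c in response.get("set_cookie", [])],
        "server_version_disclosed": server_discloses_version(headers.get("Server", "")),
        "cert_expired": cert_expired(cert["not_after"], now),
        "hostname_ok": hostname_matches(cert["names"], cert["expected_hostname"]),
    }


# Constructed sample resembling the issue's findings (not a real capture).
SAMPLE_RESPONSE = {
    "headers": {"Server": "nginx/1.18.0", "Content-Type": "text/html"},
    "set_cookie": ["PHPSESSID=0123456789abcdef; path=/"],
}
SAMPLE_CERT = {
    "names": ["www.example.cz"],        # assumed SAN list
    "expected_hostname": "example.cz",  # the name the scanner expected to see
    "not_after": datetime(2021, 6, 22, 15, 34, 45, tzinfo=timezone.utc),
}
SAMPLE_NOW = datetime(2021, 7, 28, 14, 7, tzinfo=timezone.utc)

if __name__ == "__main__":
    for key, value in audit(SAMPLE_RESPONSE, SAMPLE_CERT, SAMPLE_NOW).items():
        print("%-26s %s" % (key, value))
```

Run it against headers captured with `curl -sI https://www.example.cz` (hostname assumed) after each config change; the audit should come back with an empty `missing_headers` list, an empty `hsts` list, no missing cookie flags, `server_version_disclosed` False, and `hostname_ok` True before re-running the external scanners.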