Security Directory

B

Bellacer

bellacer.com

0

Bellacer is a medium-sized construction product distributor and service provider based in Andorra, operating under the parent company GRUPO HIEMESA S.L. The company specializes in steel distribution, transformation, industrial supplies, and renewable energy products, serving construction professionals and businesses in the region. Their website is professionally designed, multilingual, and provides comprehensive information about their services and projects. Technically, the site is built on WordPress with modern plugins and integrates social media and analytics tools effectively. Security posture is good with HTTPS and cookie consent mechanisms, though it lacks some advanced security headers and incident response information. The absence of WHOIS registration data is a notable concern but does not detract significantly from the overall trustworthiness given the professional presentation and parent company association. Strategic recommendations include enhancing security headers, publishing a security policy, and improving WHOIS transparency.

C

Coopalsa + Nadal

bus.ad

0

Coopalsa + Nadal operates as a primary public transportation service provider in Andorra, offering regular bus lines and related services. The website serves residents and visitors by providing schedules, ticket sales information, and route details. The company maintains a consistent brand presence and engages users through social media platforms such as Facebook, Twitter, and Instagram. The business model focuses on essential transportation services within the country, positioning itself as a key local operator.

J

Jocs dels Petits Estats d'Europa

gsse-andorra2025.com

0

The website gsse-andorra2025.com serves as the official digital platform for the Games of the Small States of Europe (GSSE) event hosted by Andorra in 2025. It provides comprehensive information about the event, including schedules, venues, media resources, and transport details. The site targets athletes, officials, media, and fans interested in this biennial multi-sport event featuring small European states. The business model focuses on event promotion and information dissemination, positioning itself as the authoritative source for GSSE 2025 in Andorra. Technically, the website is built on WordPress with Elementor page builder, leveraging modern web technologies such as jQuery, Swiper, and SEO tools like Rank Math. The site demonstrates good mobile optimization, SEO practices, and moderate performance. It uses HTTPS and includes a cookie consent mechanism, reflecting a mature digital infrastructure suitable for event promotion. From a security perspective, the site enforces HTTPS and employs domain transfer protection. However, it lacks explicit security headers and dedicated security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with clear privacy and cookie policies aligned with GDPR requirements. Contact information is limited, with no direct emails or phone numbers found on the main pages. Overall, the website presents a low-risk profile with a professional appearance and solid privacy compliance. Strategic recommendations include enhancing security headers, publishing explicit security policies, and providing clearer contact channels to improve trust and incident response readiness.

G

GROUP Andbank

andbank.com

0

The website's overall security posture is currently poor, with critical vulnerabilities that pose significant risks to both the business and its users. The absence of HTTPS encryption is a severe issue, exposing data in transit to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are either missing or weakly configured, increasing susceptibility to common web attacks such as clickjacking and content injection. Privacy compliance is lacking, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Additionally, the organization lacks foundational security governance, including incident response, security policies, and vulnerability disclosure procedures, which impairs its ability to manage and respond to threats effectively. Email security is moderately strong but could be improved with stricter DMARC enforcement and reporting. DNS security measures like DNSSEC are not enabled, reducing protection against DNS spoofing. Network security itself is well managed, indicating some internal controls are in place. Immediate remediation is critical to prevent data breaches, regulatory fines, and erosion of customer trust.