Security Directory

M

Medibank

medibankoshc.com.au

0

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium risk issues that could expose the business to significant threats. Key deficiencies in security headers and email authentication protocols increase the risk of data breaches, phishing attacks, and user exploitation. The lack of GDPR compliance elements, such as cookie policies and consent mechanisms, exposes the organization to regulatory penalties and reputational damage. Absence of incident response and vulnerability disclosure policies under NIS2 requirements limits the company’s ability to effectively manage and mitigate cyber incidents. While SSL/TLS and network security configurations are relatively strong, improvements in DNS security and email protections are needed. Addressing these gaps will reduce attack surfaces, enhance customer trust, and ensure regulatory compliance. Immediate attention to policy implementation and security headers will yield the highest business value and risk reduction. Overall, the site requires focused remediation to align with best practices and legal obligations.

M

Medibank

medibanklife.com.au

0

The website demonstrates a solid foundation in core technical security areas such as email security, SSL/TLS implementation, and overall network security. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, with critical deficiencies in privacy policies, consent mechanisms, and documented security governance. The absence of key security headers, particularly the Content-Security-Policy, exposes the site to client-side attacks like cross-site scripting. Lack of incident response, vulnerability disclosure, and business continuity plans present operational risks that could escalate the impact of security events. Additionally, DNS security could be strengthened by enabling DNSSEC and configuring CAA records to prevent domain-based attacks. Overall, while the infrastructure is strong, the organization must urgently address policy, compliance, and procedural gaps to reduce legal, reputational, and operational risks.

M

Medibank Private Limited

medibank.com.au

0

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, but several high and medium-risk issues require urgent attention. Key compliance gaps exist in GDPR adherence, notably the absence of a cookie policy and consent banner, which expose the business to regulatory penalties and reputational damage. The NIS2-related security framework and incident response capabilities are severely lacking, indicating unpreparedness for cyber incidents and potential operational disruptions. Security headers and SSL/TLS configurations are generally adequate but have room for improvement to mitigate common web-based attacks. DNS health and network security score well, reflecting a solid underlying infrastructure. Email security is robust, reducing phishing risks via email vectors. Prioritizing GDPR compliance and establishing formal security policies will significantly reduce legal and operational risks. Immediate remediation will enhance customer trust and regulatory standing, supporting long-term business resilience.

V

Virgin Australia Airlines Pty Ltd

virginaustralia.com

0

The website demonstrates a generally strong security posture in areas such as email security, SSL/TLS configuration, and network security, all scoring 100/100. However, critical gaps exist in compliance and governance domains, particularly related to GDPR and NIS2 frameworks, with scores as low as 25/100. High-severity issues include missing essential privacy policies, lack of cookie consent mechanisms, and absence of incident response and security policy documentation. The missing Content-Security-Policy header further exposes the site to cross-site scripting risks. DNS health is fairly good but can be improved by enabling DNSSEC and configuring CAA records. Overall, while technical defenses are solid, the lack of regulatory compliance and formal security governance poses significant business risks, including legal penalties and reputational damage. Immediate remediation in compliance and policy documentation is critical for maintaining trust and regulatory adherence.

V

Velocity Frequent Flyer Pty Limited

velocityfrequentflyer.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected but multiple high and medium-risk issues that expose the organization to regulatory, reputational, and operational risks. Key weaknesses lie in missing essential security headers, lack of compliance with GDPR requirements, and absence of fundamental NIS2 cybersecurity governance frameworks. While foundational network and email security measures are strong, gaps in security policy documentation, incident response readiness, and privacy transparency present significant business risks. Failure to implement privacy policies and consent mechanisms may lead to regulatory fines and loss of customer trust. Additionally, missing headers like Strict-Transport-Security and Content-Security-Policy increase exposure to man-in-the-middle and cross-site scripting attacks. The organization should prioritize closing these gaps to protect sensitive information, ensure regulatory compliance, and maintain customer confidence. Immediate remediation combined with policy development and communication enhancements is essential to strengthen overall security posture.

C

Cliniko

cliniko.com

0

The website demonstrates a solid foundation in network security, email security, and SSL/TLS configurations, reflecting a mature stance on technical defenses. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, posing legal and reputational risks. Missing privacy and cookie policies, along with absence of consent mechanisms, expose the business to potential fines and customer trust erosion. Lack of formal information security frameworks and incident response plans weakens the organization's ability to manage and mitigate security incidents effectively. Security headers are partially implemented but require strengthening to guard against common web-based attacks. DNS security can be enhanced further by enabling DNSSEC and properly configuring CAA records. Overall, while technical controls are generally strong, urgent improvements in governance, compliance, and policy documentation are critical to reduce business risk and ensure regulatory adherence.

O

Ooshman

ooshman.au

0

The website demonstrates significant security gaps, particularly in foundational security headers, privacy compliance, and information security governance, resulting in a poor overall security posture. While network security and email security score relatively well, critical vulnerabilities such as missing Strict-Transport-Security and Content-Security-Policy headers expose the site to data interception and cross-site scripting attacks. The absence of GDPR compliance elements like privacy and cookie policies presents legal and reputational risks. Additionally, missing NIS2-related documentation and incident response procedures indicate a lack of preparedness for cyber incidents, increasing operational risk. Weak SSL key lengths and impending certificate expiration further undermine secure communications. Addressing these high and medium priority issues is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Immediate remediation will reduce potential breach impact, enhance customer trust, and align with industry standards.

J

Jelly Health Pty Ltd

jellyhealth.com.au

0

The website demonstrates significant security weaknesses, particularly in its security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements. While no critical issues were detected, there are numerous high and medium severity findings that expose the business to data breaches, regulatory non-compliance, and operational risks. Key concerns include missing essential HTTP security headers, absence of a cookie policy and consent mechanisms, and a lack of documented security policies and incident response procedures. Additionally, the exposure of high-risk services such as FTP increases the attack surface. Although email security and SSL/TLS configurations are relatively strong, the impending SSL certificate expiry and lack of HSTS enforcement pose risks. Immediate remediation is needed to protect customer data, maintain regulatory compliance, and safeguard business continuity. Overall, the current security posture is inadequate for a business seeking to minimize cyber risk and ensure trustworthiness with customers and regulators.

B

BPAY Pty Ltd

bpay.com.au

0

The website demonstrates a moderate overall security posture with no critical issues detected, but several high and medium-risk vulnerabilities that pose significant risks to business operations and compliance. Key deficiencies exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, exposing the organization to regulatory penalties and potential data breaches. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines trust and legal compliance with data protection laws. Weak SSL/TLS configurations and mixed content issues threaten secure data transmission and user confidentiality. Network security and email security are strong points, reflecting good foundational controls in those areas. However, the lack of incident response procedures and security documentation hampers the organization's ability to effectively manage and respond to cyber incidents. Immediate remediation efforts should focus on closing compliance gaps, strengthening encryption standards, and improving security policy frameworks to safeguard business continuity and reputation.

A

Australia Post

australiapostcollectables.com.au

0

The website demonstrates a generally solid technical security foundation with strong network security, SSL/TLS configurations, and DNS health. However, critical gaps exist in compliance with GDPR and NIS2 regulations, particularly around privacy policies, consent mechanisms, and documented security frameworks. The absence of privacy and cookie policies, along with missing consent banners, exposes the business to regulatory and reputational risks. Lack of incident response procedures and security policy documentation further elevates operational risks in case of security events. Security headers are moderately implemented but can be strengthened to reduce attack surface. Email security is good but could be improved with DKIM implementation to prevent spoofing. Overall, the site is secure from a technical standpoint but requires urgent compliance and governance enhancements to mitigate legal and operational risks.

A

Australia Post

digitalid.com

0

The website demonstrates a generally strong technical security posture in areas such as email security, SSL/TLS configuration, DNS health, and network security, reflecting effective implementation of foundational controls. However, significant gaps exist in compliance and governance domains, notably regarding GDPR and NIS2 requirements, which pose substantial legal, reputational, and operational risks. The absence of a privacy policy, cookie policy, and consent mechanisms undermines user trust and exposes the business to potential regulatory penalties. Furthermore, critical deficiencies in information security frameworks, incident response, and security policy documentation indicate a lack of formalized cybersecurity governance and preparedness. While security header implementations are moderate, enhancements are needed to reduce exposure to web-based threats. Addressing these compliance and governance gaps will be essential to align with industry best practices, regulatory mandates, and customer expectations. Prioritizing these improvements will strengthen both risk management and stakeholder confidence.

A

Australia Post

postbillpay.com.au

0

The website demonstrates a solid foundation in network, email, and SSL/TLS security, indicating good baseline protections. However, significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity frameworks, which together expose the business to legal, reputational, and operational risks. Missing critical headers like Content-Security-Policy and X-Frame-Options leave the site vulnerable to cross-site scripting and clickjacking attacks. The absence of privacy and cookie policies, along with no cookie consent mechanism, poses compliance risks under data protection laws such as GDPR, potentially leading to fines and loss of customer trust. Lack of documented security policies, incident response procedures, and business continuity planning increases the risk of inadequate response to cyber incidents, threatening business operations. DNSSEC is not enabled, which could allow DNS spoofing attacks. Addressing these issues will significantly strengthen security posture, reduce compliance risks, and protect the organization from both cyber threats and regulatory penalties. Immediate focus on privacy policies, security headers, and incident response frameworks is recommended. Overall, the current posture requires urgent remediation to align with industry standards and legal requirements.

A

Australia Post

auspost.com.au

0

The website demonstrates a generally solid technical security foundation with strong email security, network security, SSL/TLS, and DNS health scores. However, significant deficiencies exist in compliance with data privacy regulations such as GDPR, and critical gaps are present in information security governance aligned with NIS2 requirements. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory penalties and reputational damage. Moreover, lacking documented security policies, incident response plans, and vulnerability disclosure processes increases operational risk and may delay breach mitigation. Security headers are moderately configured but require improvements to reduce attack surface and prevent data leakage. Overall, the site’s technical controls are adequate but the organization must urgently address compliance and governance shortcomings to safeguard customer trust and meet legal obligations. Failure to act on these high-impact, high-risk issues could result in financial losses and regulatory scrutiny.

B

Briscoes AU

briscoes.com.au

0

The website's security posture is currently weak, with numerous critical and high-risk vulnerabilities exposing the business to significant threats including data breaches, regulatory fines, and operational disruptions. Critical services such as Telnet, SMB, MSSQL, MySQL, PostgreSQL, Redis, and MongoDB are openly exposed, posing immediate risk of compromise. Security headers are inadequately configured, leaving the site vulnerable to clickjacking, cross-site scripting, and data leakage attacks. GDPR compliance is poor, with no cookie policy or consent mechanisms in place, increasing legal and reputational risks. The absence of a formal information security framework, incident response plan, and security policies under NIS2 requirements indicates a lack of preparedness for cyber incidents. SSL/TLS configurations are suboptimal, including weak keys and impending certificate expiration, undermining data encryption and trust. Although email security and DNS health show relatively better scores, critical network security gaps must be addressed urgently to protect business assets and maintain customer trust.

The website demonstrates a generally sound technical security posture with strong network security, SSL/TLS configurations, and email security. However, there are significant compliance and governance gaps, primarily related to GDPR and NIS2 regulatory requirements, which pose high legal and operational risks. Key concerns include the absence of privacy and cookie policies, lack of consent mechanisms, and missing incident response and information security framework documentation. These deficiencies could lead to regulatory penalties, reputational damage, and loss of customer trust. Security headers are implemented but need strengthening to mitigate web-based attacks effectively. DNS and email security are adequate but have room for improvement to reduce attack surface. Addressing governance and compliance issues should be prioritized alongside enhancing security headers to ensure a balanced, robust security posture that supports business continuity and regulatory adherence.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected but several high and medium severity issues that pose significant risk. Key deficiencies include missing critical security headers such as Content-Security-Policy and weak configurations of transport security headers, increasing exposure to client-side attacks. Compliance gaps with GDPR and NIS2 regulations are evident, notably the absence of cookie policies, consent mechanisms, incident response procedures, and security policy documentation, which could lead to regulatory penalties and reputational damage. The SSL/TLS and DNS configurations are generally solid but require improvements to fully protect data in transit and DNS integrity. Email and network security modules score well, indicating good controls in those areas. However, the lack of a formal information security framework and vulnerability disclosure processes introduces organizational risk. Addressing these issues will strengthen security posture, regulatory compliance, and customer trust.

The website demonstrates a generally good foundation in network security, SSL/TLS configuration, and DNS health, reflected by high module scores in these areas. However, significant gaps exist in compliance with GDPR and NIS2 regulations, exposing the business to potential legal, reputational, and operational risks. Missing critical security headers and the absence of privacy and cookie policies indicate vulnerabilities to web-based attacks and non-compliance penalties. The lack of documented information security frameworks, incident response procedures, and vulnerability disclosure policies further increases risk exposure and reduces readiness to handle security incidents. Email security is moderately strong but requires improvements to enhance email authenticity and reduce phishing risks. Addressing these deficiencies will strengthen regulatory compliance, improve user trust, and reduce the likelihood and impact of cyber incidents. Immediate remediation of high-priority issues will also help safeguard the business’s reputation and avoid costly regulatory fines.

The website demonstrates a generally solid technical security foundation in areas such as network security, SSL/TLS configurations, and email security. However, significant gaps exist in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements, which expose the business to regulatory risks and potential legal liabilities. Critical missing elements include privacy and cookie policies, consent mechanisms, and comprehensive security documentation such as incident response and business continuity plans. The absence of key HTTP security headers also leaves the website vulnerable to web-based attacks like clickjacking and cross-site scripting. While the technical controls are mostly strong, the lack of formal policies and procedures undermines overall security posture and business resilience. Immediate attention is required to align with regulatory mandates and establish clear security governance. Addressing these issues will reduce legal exposure, improve customer trust, and enhance operational readiness against cyber incidents.

The website demonstrates a strong technical foundation in network security, SSL/TLS configuration, and DNS health, scoring above 80% in these areas. However, significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, with several high-severity issues identified. Missing critical security headers like X-Frame-Options exposes the site to clickjacking attacks, while the absence of privacy and cookie policies alongside no consent mechanism poses substantial legal and reputational risks under GDPR. Lack of an information security framework, security policies, and incident response procedures indicate immature cybersecurity governance, increasing vulnerability to breaches and regulatory penalties. Email security is adequate but can be improved by adding DKIM records to prevent spoofing. Overall, the website’s security posture is adequate technically but deficient in compliance and governance, necessitating urgent attention to policy, legal, and procedural controls to safeguard business continuity and customer trust.

C

Country Road

countryroad.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to regulatory, reputational, and operational risks. Key deficiencies exist in privacy compliance (GDPR) and NIS2-related information security governance, including missing privacy and cookie policies, absence of incident response and security policy documentation, and lack of a vulnerability disclosure program. Security headers are inadequately configured, increasing the risk of clickjacking, content sniffing, and cross-site scripting. While email security, SSL/TLS, DNS health, and network security show relatively strong configurations, mixed content issues and missing DNSSEC reduce overall protection. Addressing these gaps will improve regulatory compliance, customer trust, and resilience against cyber threats. Without timely remediation, the business risks penalties, data breaches, and erosion of stakeholder confidence. Prioritizing governance and compliance improvements alongside technical hardening will yield the greatest business value and security impact.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Core areas such as email security, SSL/TLS configurations, and network security are well-implemented, scoring 100 out of 100. However, there are several medium-level issues primarily related to compliance and DNS configurations that require attention. Notably, the absence of essential security headers and failure in GDPR and NIS2 compliance analyses indicate potential risks in data protection and regulatory adherence. Additionally, the lack of DNSSEC implementation and missing CAA records could expose the domain to DNS spoofing and certificate mis-issuance risks. Addressing these medium and low-level vulnerabilities will strengthen the website's defenses and help ensure regulatory compliance, thereby protecting business reputation and customer trust. Proactive remediation is recommended to maintain a robust security posture and minimize potential attack surfaces.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Key areas such as email security, SSL/TLS configuration, and network security are fully compliant and robust, scoring 100/100. However, medium severity issues related to missing security headers, GDPR compliance gaps, NIS2 directive adherence, and DNSSEC absence indicate potential vulnerabilities and regulatory risks. Low severity findings like missing CAA records should also be addressed to strengthen DNS security further. The lack of DNSSEC protection exposes the domain to DNS spoofing and cache poisoning attacks, which could harm business reputation and user trust. GDPR and NIS2 compliance failures pose legal and operational risks, especially for businesses operating in or with the European Union. Addressing these medium-level issues will enhance overall resilience and regulatory alignment, reducing the risk of data breaches and compliance penalties.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Key areas such as email security, SSL/TLS configurations, and overall network security are well implemented, scoring 100/100. However, there are medium-level concerns related to missing security headers, lack of GDPR and NIS2 compliance evidence, and the absence of DNSSEC, which could expose the website to certain attack vectors and regulatory risks. Additionally, low-severity issues like unconfigured CAA records suggest room for improved domain security management. Addressing these medium and low-level findings will help mitigate potential vulnerabilities, reduce regulatory compliance risks, and enhance trustworthiness. Prioritizing these improvements will protect business operations and maintain customer confidence. Overall, the security posture is good but can be significantly strengthened by focusing on policy enforcement and DNS security enhancements.

The website's overall security posture shows no critical vulnerabilities but is hindered by multiple high and medium-level issues, particularly in governance and compliance areas. Key deficiencies include missing fundamental security headers, an absent cookie consent mechanism, and lack of documented security and incident response policies, exposing the business to regulatory risks and operational disruptions. The SSL certificate's imminent expiration poses an immediate threat to secure communications. While network security and DNS health are relatively strong, gaps in email security and GDPR compliance could lead to data breaches and reputational damage. Addressing these issues promptly will enhance user trust, regulatory compliance, and reduce attack surface exposure. The current state suggests insufficient maturity concerning NIS2 requirements, which could impact compliance and operational resilience. Overall, the business should prioritize remediation efforts to strengthen security posture and meet regulatory obligations effectively.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Multiple high and critical issues indicate significant gaps in compliance with GDPR and NIS2 regulations, risking legal penalties and reputational damage. The lack of privacy and cookie policies, as well as no cookie consent mechanism, further exacerbates regulatory non-compliance. Security headers are inadequately configured, increasing vulnerability to common web attacks like clickjacking and cross-site scripting. Incident response, security policies, and business continuity planning are either missing or insufficient, leaving the organization unprepared for cyber incidents. Although email security and network security show strong scores, these strengths are overshadowed by critical website and data protection failures. DNS health is moderately good but can be improved with DNSSEC and proper CAA records. Immediate remediation is essential to safeguard sensitive information, maintain customer trust, and ensure regulatory adherence.

T

Tennant Metals

tennantmetals.com.au

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but several high and medium-risk issues that could expose the business to significant risks. Key security headers are missing, such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy, increasing susceptibility to common web attacks like clickjacking and man-in-the-middle attacks. Compliance gaps related to GDPR and NIS2 frameworks highlight insufficient data protection policies, lack of incident response procedures, and absence of documented security policies, which could lead to regulatory penalties and operational disruptions. While SSL/TLS and DNS configurations are generally strong, the absence of HSTS and DNSSEC reduces communication security and trustworthiness. The company benefits from strong email and network security, but overall low scores in governance and security policy areas present material business risks. Immediate remediation is necessary to prevent data breaches, maintain customer trust, and ensure regulatory compliance. Addressing these weaknesses will enhance resilience, reduce liability, and safeguard the organization’s reputation.

This website has 3 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

A

ANZ Worldline

anzworldline.com.au

0

The website anzworldline.com.au demonstrates a strong technical security foundation in areas such as network security, SSL/TLS, and email security. However, it exhibits significant compliance and governance deficiencies, particularly related to GDPR and NIS2 requirements, which expose it to regulatory, reputational, and operational risks.

The website https://bastionagency.com exhibits significant security gaps, particularly in web security headers, GDPR compliance, and information security governance, resulting in an overall weak security posture. While network and email security are relatively strong, critical missing controls and policies increase the risk of data exposure, regulatory non-compliance, and potential operational disruptions.

The website https://oohmedia.com.au demonstrates a moderate security posture with no critical vulnerabilities detected but several high and medium risks, particularly in GDPR compliance and information security management. Key gaps in policy documentation and incident response, along with SSL and email security weaknesses, expose the business to regulatory, operational, and reputational risks. Immediate improvements in these areas will strengthen overall resilience and compliance.

JobAdder's website exhibits a concerning security posture with multiple high and medium severity issues, particularly in GDPR compliance, information security governance, and SSL/TLS configurations. While network security and some email/DNS controls are strong, critical gaps in privacy policies, security frameworks, and header protections expose the business to regulatory, reputational, and operational risks.

The website https://nexia.com.au currently exhibits significant security vulnerabilities, particularly in its HTTP security headers, GDPR compliance, and information security governance, resulting in a poor overall security posture. While network and email security appear robust, critical gaps in policies, incident response, and encryption standards expose the business to regulatory risks and potential cyber threats. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and uphold brand reputation.

The website exhibits significant security and compliance gaps, particularly in GDPR adherence, email authentication, and information security governance, posing legal and operational risks. While network security and SSL/TLS posture are relatively strong, critical vulnerabilities like lack of email authentication and absence of incident response procedures expose the business to potential data breaches and regulatory penalties.

paramark.com.au currently exhibits significant security gaps, especially in foundational web security headers, GDPR compliance, and organizational security policies, resulting in an unknown and potentially high risk posture. While network and email security are strong, missing critical controls and documentation expose the business to data breaches, regulatory penalties, and reputational damage. Immediate remediation is required to align with industry best practices and regulatory requirements.