Security Directory

B

Bespin Global

bespinglobal.asia

0

Bespin Global is a Singapore-based cloud management company aiming to be the world's most automated cloud management provider. The company offers key services including FinOps, MigOps, Managed Services, and support for start-ups. It is recognized by Gartner for seven consecutive years, indicating a strong market position in cloud IT transformation services. The website is built on WordPress with modern SEO and analytics tools, hosted by Dreamscape Networks International Pte Ltd in Singapore. The technical infrastructure is solid with good mobile optimization and moderate performance. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and published security policies. Privacy compliance is limited due to absence of explicit privacy and cookie policies. Overall, the website is professional and trustworthy but could improve in privacy and security transparency.

W

Wearnes Automotive Singapore

wearnesauto.com

0

Wearnes Automotive Singapore is a well-established luxury automotive retailer operating primarily in Southeast Asia, with a heritage dating back to 1906. The company offers leasing, pre-owned vehicle sales, and bonded car storage services, positioning itself as a leading player in the luxury automotive sector. The website reflects a professional and consistent brand image targeting affluent customers seeking premium automotive solutions. Technically, the site is built on WordPress with a modern tech stack including Google Tag Manager and analytics tools, providing a moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and no exposed sensitive data, though improvements are recommended in security headers and privacy compliance mechanisms. The absence of WHOIS data limits domain trust verification, but the overall digital presence suggests a legitimate and credible business. Strategic recommendations include enhancing privacy compliance, publishing security policies, and improving accessibility features to strengthen trust and regulatory adherence.

L

Lazada

lazada.sg

0

Lazada Singapore is a leading e-commerce platform offering a wide range of products including electronics, fashion, and groceries. It operates with a strong market presence supported by its parent company Alibaba Group and subsidiaries like RedMart. The website features comprehensive product categories, official brand stores, and multiple payment and delivery options, ensuring a seamless shopping experience for customers. Technically, the site employs modern frameworks such as React and Rax, with fast performance and good mobile optimization. Security measures include HTTPS, CSRF tokens, and use of security libraries, contributing to a strong security posture. Privacy and cookie policies are comprehensive and GDPR compliant, though explicit security policy and incident response contacts are not found. Overall, the site is professional, trustworthy, and well-maintained, with extensive analytics and marketing tools in use.

P

Public Service Division

psd.gov.sg

0

The Public Service Division (PSD) is a Singapore government agency dedicated to nurturing, guiding, and supporting public officers to serve citizens effectively. The website reflects its role as a central government entity providing leadership, transformation initiatives, career development, and communication services. The site targets public officers and Singapore citizens, emphasizing a unified public service culture. Technically, the website is built on the Isomer platform, leveraging modern JavaScript libraries and analytics tools such as Google Tag Manager, Facebook Pixel, and Snowplow Analytics. The site is mobile-optimized, accessible, and SEO-friendly, with good performance metrics. Security-wise, the site enforces HTTPS and avoids exposing sensitive data, but lacks explicit security headers and a cookie consent mechanism, which are areas for improvement. Overall, the website is professional, trustworthy, and aligned with government standards, though it could enhance privacy compliance and security posture further.

E

ERA Realty Network Pte Ltd

era.com.sg

0

ERA Realty Network Pte Ltd operates a comprehensive real estate platform in Singapore, offering services for property buying, selling, renting, and mortgage facilitation. The company supports both consumers and agents with dedicated portals, training, and market insights, positioning itself as a leading real estate agency in the region. The website reflects a mature digital presence with integrated marketing and analytics tools, supporting a broad audience including property seekers and real estate professionals. Technically, the site is built on WordPress with modern plugins and frameworks, ensuring good performance and SEO optimization. Security measures include HTTPS enforcement and CAPTCHA protections, though there is room for improvement with additional HTTP security headers. Privacy policies are present and GDPR compliant, but the absence of a cookie consent mechanism may pose compliance risks. Overall, the site demonstrates a strong business credibility and digital maturity with minor areas for enhancement in security and privacy compliance.

W

WOM Protocol Pte. Ltd.

womprotocol.io

0

WOM Protocol Pte. Ltd. operates a decentralized advertising platform that leverages user-generated content and peer-reviewed videos to replace traditional advertising with authentic word-of-mouth marketing. The company targets content creators, authenticators, brands, publishers, and e-commerce platforms, providing a suite of Web3-based marketing tools including Campaign Manager, Web Recorder, and Authenticator App. The platform positions itself as an innovative disruptor in the advertising industry, emphasizing quality and authenticity over intrusive ads. Technically, the website is built on Squarespace CMS with integrations of Google Analytics and Tag Manager for tracking, alongside custom JavaScript for Web3 functionalities. The site demonstrates good design quality, mobile optimization, and accessibility, with a moderate performance profile. Security measures include HTTPS with HSTS enabled, secure forms, and no visible vulnerabilities or exposed sensitive data. While the site includes privacy and terms of service policies, it lacks a cookie consent mechanism and explicit security or incident response policies, which are areas for improvement. The domain registration data aligns well with the business claims, indicating legitimacy and consistent registration details. Overall, the website presents a professional and trustworthy front for a medium-sized technology company in the decentralized advertising space.

G

Gosu Media Pte Ltd

gosugamers.net

0

GosuGamers is a well-established esports and gaming news portal operated by Gosu Media Pte Ltd, based in Singapore. The website offers comprehensive coverage of esports tournaments, match schedules, rankings, and gaming news, targeting esports enthusiasts and professionals globally. The platform demonstrates a strong market position with a broad range of key services including editorial content, live match data, and entertainment articles. Technically, the site is built on modern web technologies such as Next.js and Material-UI, ensuring fast performance, mobile optimization, and excellent SEO practices. Security-wise, the site enforces HTTPS, employs security headers, and uses reCAPTCHA for form protection, reflecting a mature security posture. However, explicit security policies and incident response contacts are not publicly available, which could be improved. Overall, the site is professional, trustworthy, and compliant with privacy regulations, making it a reliable source for esports content.

DB SCHENKER is a global logistics and supply chain solutions provider with a strong market position, recently merged with DSV to form a world-leading transport and logistics entity. The website offers comprehensive information on their services, including digital services, transport modes, contract logistics, and industry-specific solutions, targeting businesses requiring international shipping and supply chain optimization. The technical infrastructure is modern, leveraging advanced JavaScript frameworks, Adobe Experience Platform Launch, and custom widgets, ensuring good performance and mobile optimization. Security posture is strong with HTTPS, Content-Security-Policy headers, secure login portals, and cookie consent mechanisms, though explicit security policy documentation and incident response contacts are not found. Overall, the site is professional, trustworthy, and compliant with privacy regulations, reflecting a mature digital presence for an enterprise-level logistics company.

Newlogic Pte Ltd is a Singapore-headquartered software consultancy firm with a strong regional presence across Southeast Asia. The company specializes in delivering innovative software solutions in areas such as digital identity and biometrics, data collection and analytics, cash transfer and payment systems, and ERP implementation. Their client base includes leading companies, organizations, and governments, positioning them as a key player in the regional technology consultancy market. The website reflects a professional and consistent brand image with clear descriptions of services and leadership team details. Technically, the website employs a modern tech stack including Bootstrap 4.3.1, jQuery, Popper.js, and Google Fonts, hosted behind Cloudflare. However, performance metrics are lacking, and the site suffers from the absence of a valid SSL certificate, which critically impacts security and user trust. The site is mobile-optimized with good navigation and SEO practices but lacks accessibility features and cookie consent mechanisms. From a security perspective, the site has several HTTP security headers configured, but the lack of HTTPS and TLS support is a major vulnerability. No incident response or security policies are published, and no vulnerability disclosure or data protection officer information is available. The presence of social media links and contact information supports business credibility, but the security posture requires urgent improvement. Overall, the website is functional and professional but has critical security shortcomings that reduce its trustworthiness and compliance. Strategic improvements in SSL deployment, privacy compliance, and security policy transparency are recommended to enhance the company's digital maturity and risk posture.

M

M.Tech Products Pte Ltd

mtechpro.com

0

M.Tech Products Pte Ltd is a leading distributor and solutions provider specializing in cyber security and network performance solutions across the Asia-Pacific region. The company maintains a strong market position with presence in 14 countries, 24 offices, and a reseller network exceeding 2,000 partners. Their business model focuses on partnering with market-leading vendors to deliver integrated security and network performance management solutions, complemented by professional services and training offerings. The website reflects a professional and consistent brand image with good content quality and clear navigation tailored for their target audience of enterprises and resellers. Technically, the website is built on WordPress using common libraries such as jQuery and Owl Carousel, with Gravity Forms for data collection. While the site is mobile optimized and SEO friendly, performance appears slow based on provided data. Critically, the site lacks a valid SSL certificate and proper HTTPS configuration despite having security headers like HSTS, which severely impacts its security posture. Analytics usage is moderate with Google Analytics implemented, but no cookie consent mechanism or explicit cookie policy was found. From a security perspective, the site demonstrates basic best practices through HTTP security headers but suffers from the absence of HTTPS and modern TLS protocols, exposing users to potential risks. No incident response or vulnerability disclosure information is available, and no security certifications are displayed. The domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness. Overall, the website is functional and professional but requires urgent security improvements, especially regarding SSL/TLS implementation, to protect user data and enhance trust. Privacy compliance is partially met with a comprehensive privacy policy but lacks cookie consent mechanisms. Strategic recommendations include securing the website with valid certificates, enabling modern security protocols, and enhancing privacy and incident response disclosures.

Q

Quest Global

quest-global.com

0

Quest Global is a well-established global engineering services provider with over 21,000 employees across 18 countries and 84 centers. The company specializes in delivering end-to-end engineering solutions across multiple industries including aerospace, automotive, healthcare, and energy. Their business model focuses on B2B partnerships with large enterprises, leveraging digital and embedded engineering expertise to solve complex engineering challenges. The website reflects a professional and comprehensive digital presence with strong branding and trusted partnerships with major technology companies such as NVIDIA, Microsoft, AWS, and Google Cloud. Technically, the website is built on WordPress with Elementor and hosted on WP Engine behind Cloudflare CDN. It uses modern marketing and analytics tools like HubSpot and Google Tag Manager. However, performance metrics are not provided, and the site shows signs of slow loading. Mobile optimization and SEO are good, but accessibility is basic. From a security perspective, the site has several strong security headers implemented, but critically lacks a valid SSL/TLS certificate and does not support any TLS protocols, which is a major vulnerability. This significantly reduces the security posture and exposes users to risks. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms in place, but no explicit security policy or incident response contacts are found. Overall, the website is professional and credible but urgently needs to address its SSL/TLS configuration to ensure secure communications and improve trustworthiness. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, enhancing security headers, and publishing explicit security and incident response policies.

G

Goodpack IBC (Singapore) Pte. Ltd.

goodpack.com

0

Goodpack IBC (Singapore) Pte. Ltd. is a leading global provider of reusable intermediate bulk containers (IBCs) designed to optimize supply chains through a flexible pay-per-use leasing model. The company serves diverse industries including rubber, automotive, food and beverage, and chemicals, emphasizing sustainability and cost efficiency. Their extensive global network includes subsidiaries and offices across Asia, Europe, the Americas, and Africa, supporting a large-scale logistics operation. The website reflects a professional and consistent brand image with comprehensive content and clear navigation, targeting businesses seeking eco-friendly and efficient packaging solutions. Technically, the website is built on the Webflow CMS platform, leveraging modern JavaScript libraries such as jQuery, Luxy.js, and Splide.js for enhanced user experience. Hosting and CDN services are provided by Cloudflare, ensuring good content delivery performance. The site includes Google Analytics for user tracking and Google reCAPTCHA for bot protection. Mobile optimization and SEO practices are well implemented, though performance metrics are not explicitly provided. From a security perspective, the site has implemented some security headers including HSTS and CSP frame-ancestors, but critically lacks a valid SSL/TLS certificate and does not support modern TLS protocols, exposing users to potential risks. No explicit security or incident response policies are published, and no vulnerability disclosure or security.txt files are found. Privacy compliance is strong with a clear privacy policy, cookie consent mechanism, and GDPR considerations. Overall, Goodpack’s website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL/TLS issues to ensure secure communications and maintain trust. Strategic improvements in security policy transparency and incident response readiness would further enhance their security posture.

AutomationSG is a professional association based in Singapore focused on the Automation, Internet-of-Things (IoT), and Robotics sectors. It serves companies and professionals by providing membership services, industry initiatives such as the Singapore Pavilion funding support, Career Conversion Programme partnership, and the AIRHUB innovation platform. The website positions AutomationSG as a key industry association with a medium-sized presence in the Singapore technology sector. The digital infrastructure is built on Drupal 10 with Bootstrap 5, featuring good mobile optimization and accessibility, but lacks performance data. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, exposing the site to risks and lowering trust. Privacy compliance is minimal with no visible privacy or cookie policies. Contact information is clearly provided, including email, phone, and physical address, alongside social media presence on LinkedIn and YouTube.

C

CloserStill Media

dmexcoasia.com

0

The website dmexcoasia.com represents a major upcoming event, eCommerce Expo | DMEXCO Asia, scheduled for October 8-9, 2025 in Singapore. It is organized by CloserStill Media in partnership with Koelnmesse and BVDW, targeting eCommerce and digital marketing professionals in Southeast Asia. The event aims to provide a platform for exhibitors and attendees to connect, generate leads, and share industry insights. Technically, the site uses a variety of modern JavaScript libraries and frameworks including jQuery, Alpine.js, GSAP, and Swiper, hosted on ns-serve.net infrastructure. However, the website suffers from critical security issues including an invalid SSL certificate and lack of TLS protocol support, which significantly undermines its security posture. While HSTS is enabled, other security best practices are missing. The site employs extensive tracking and marketing tools such as Google Analytics, Facebook Pixel, and Microsoft Clarity, indicating a high level of user tracking. Overall, the website is professionally designed with good content relevance and navigation clarity but requires urgent security improvements to protect user data and enhance trust.

A

Ant International

antglobal.com

0

Ant International is a global leader in digital payment and financial technology services, headquartered in Singapore with operations spanning Asia, Europe, the Middle East, and Latin America. The company offers a suite of fintech solutions including cross-border mobile payments, enterprise payment toolkits, AI-powered lending, and treasury services. It holds licenses in over 60 markets and partners with major global brands, positioning itself as a trusted and innovative digital partner for inclusive growth. Technically, the website leverages modern web frameworks such as Next.js and is hosted on Aliyun OSS with CDN support, ensuring fast performance and good mobile optimization. However, the security posture is weakened by an expired SSL certificate and lack of TLS protocol support, which poses significant risks. The absence of explicit privacy, cookie, and terms of service policies on the site further impacts compliance and trust. Strategic improvements in security configuration and transparency are recommended to enhance the overall risk profile and user confidence.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

I

Ixora Global Pte Ltd

ixora-global.com

0

The website’s security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a severe vulnerability, undermining confidentiality and trust, and violating GDPR and NIS2 mandates. Key security headers are missing, leaving the site vulnerable to clickjacking, XSS, and content injection attacks. GDPR compliance is lacking due to missing privacy policies and cookie consent mechanisms, risking fines and reputational damage. The lack of an information security framework, incident response, and business continuity planning further indicates immature security governance. Additionally, exposing high-risk services like FTP increases attack surface and potential unauthorized access. While email security and DNS health show some strengths, critical gaps overshadow these areas. Immediate remediation is essential to protect sensitive data, comply with legal requirements, and maintain customer trust.

C

Centurion Bulk

centurionbulk.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines all data confidentiality and integrity, putting customer data and business communications at risk. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to common web attacks like man-in-the-middle, clickjacking, and cross-site scripting. Non-compliance with GDPR is evident due to missing privacy policies, cookie consent mechanisms, and third-party privacy disclosures, which can result in heavy fines and reputational damage. Several NIS2 directive requirements are unmet, including lack of incident response, security policies, and business continuity planning, exposing the company to operational risks and regulatory penalties. Network security is compromised by exposing critical services like FTP and MySQL publicly, heightening the risk of unauthorized access. Email security is moderately implemented but lacks enforcement and reporting mechanisms, potentially increasing phishing and spoofing risks. Overall, urgent remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

A

Amber Lounge

amber-lounge.com

0

The website amber-lounge.com exhibits a dangerously weak security posture with critical vulnerabilities, most notably the complete absence of HTTPS encryption and essential security headers. This exposes the business to significant data breaches, regulatory non-compliance, and reputational damage, especially under GDPR and NIS2 regulations. Immediate remediation is essential to protect customer data and maintain trust.

The security assessment of https://binancepay.com reveals significant gaps in foundational web security controls, privacy compliance, and incident management frameworks, resulting in a high-risk posture despite no critical vulnerabilities detected. Key deficiencies in security headers, GDPR compliance, and NIS2 alignment expose the business to regulatory penalties, phishing risks, and potential service disruptions. Immediate remediation is essential to protect customer trust, ensure data privacy, and maintain operational resilience.