Security Directory

A

Arztsuche24.at

arztsuche24.at

0

Arztsuche24.at is an Austrian online healthcare directory providing comprehensive listings of doctors, pharmacies, and health institutions across Austria. The platform offers detailed information including health insurance affiliations, opening hours, directions, and contact details, targeting patients and healthcare seekers within Austria. The site collaborates with Verlagshaus der Ärzte, enhancing its credibility and content quality. Technically, the website is built on WordPress with a custom theme and utilizes common web technologies such as jQuery, Bootstrap, and Leaflet.js for maps. However, the site suffers from a lack of a valid SSL certificate, resulting in no HTTPS support and outdated security protocols, which significantly impacts its security posture. Privacy compliance is addressed through a cookie consent banner and links to comprehensive privacy and terms policies hosted on a partner domain. Overall, while the site provides valuable healthcare information, its security shortcomings and slow performance present risks that should be addressed to improve user trust and compliance.

H

Hund

hundstat.us

0

Hund.io operates a status page at hundstat.us providing real-time and historical operational status for its services including website, DNS, GitLab, and platform components. The site targets users and customers who require transparency on service availability and performance. The business model centers on operational monitoring and status reporting, positioning Hund.io as a technology service provider in the monitoring niche. The website content is professional and consistent with the brand, but lacks comprehensive business and compliance information. Technically, the site is hosted on AWS infrastructure with DNS managed partly by AWS and Hurricane Electric. The technology stack includes standard web technologies with Google Analytics and Google Tag Manager for tracking. However, the site suffers from slow performance and lacks modern optimizations such as full mobile responsiveness and accessibility features. From a security perspective, the site has critical weaknesses including an invalid or missing SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or CAA records. These issues significantly reduce the security posture and expose users to risks. Additionally, there is no evidence of privacy compliance, incident response policies, or contact information for security matters. Overall, the site presents moderate business credibility but requires urgent improvements in security and privacy compliance to reduce risk and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS, implementing security headers, and publishing privacy and security policies.

S

SoSafe

humanfirewallconference.com

0

SoSafe operates the Human Firewall Conference, a leading European cybersecurity event focused on the human factor in security. The company provides cybersecurity awareness training and human risk management services, positioning itself as a key player in the cybersecurity education and event space. The website is professionally designed, content-rich, and targets security professionals and CISOs. Technically, the site uses WordPress CMS, integrates with HubSpot for forms, Matomo and Google Analytics for tracking, and Cookiebot for GDPR-compliant cookie management. However, the site suffers from an invalid SSL certificate and lacks important security headers and DNS security features, which lowers its security posture. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Business credibility is strong with clear contact information, social media presence, and trust signals such as testimonials and speaker highlights. Overall, the site is functional and professional but requires improvements in security infrastructure to enhance trust and compliance.

S

SoSafe

sosafe.de

0

SoSafe is a leading European provider of security awareness training and human risk management solutions, serving over 4.5 million users. Their platform leverages behavioral psychology, gamification, and AI to empower employees to recognize and mitigate cyber threats effectively. The company offers a suite of products including personalized e-learning, phishing simulation tools, an AI chatbot named Sofie, and a comprehensive human risk management dashboard. Technically, the website is built on WordPress, uses Cloudflare for hosting and CDN, and integrates marketing and analytics tools such as Google Tag Manager and Visual Website Optimizer. While the site is content-rich, well-designed, and privacy compliant with GDPR and cookie consent mechanisms, it suffers from a critical security issue: an invalid SSL certificate and disabled TLS protocols, which significantly lowers its security posture. The company demonstrates strong trust signals through ISO 27001, TISAX certifications, customer testimonials, and industry awards. Overall, SoSafe presents a professional and credible online presence but must urgently address its SSL/TLS configuration to ensure secure communications and maintain trust.

1

1-2-3-Plakat.de GmbH

123plakat.de

0

1-2-3-Plakat.de GmbH operates a specialized online platform focused on poster advertising across Germany, providing a comprehensive service that includes location selection, printing, and campaign management. The company targets businesses and freelancers seeking effective outdoor advertising solutions, leveraging a large inventory of over 160,000 poster locations. The website is built on TYPO3 CMS and integrates modern marketing and analytics tools such as Google Tag Manager and Google Analytics. Despite a well-structured and content-rich site with good user experience and clear contact information, the absence of a valid SSL certificate and HTTPS significantly undermines the security posture. The site employs cookie consent mechanisms and maintains GDPR-compliant privacy policies, reflecting good privacy compliance. Overall, the business demonstrates solid credibility and market positioning but requires urgent security improvements to protect user data and enhance trust.

P

ProSiebenSat.1 Welt

prosiebensat1welt.de

0

ProSiebenSat.1 Welt was a German Pay TV channel operated under the ProSiebenSat.1 media group, offering entertainment content including TV programs, films, and series. The channel ceased operations at the end of 2023 after nearly two decades. The website serves primarily as an informational and redirect portal to partner channels and provides compliance and legal information. Technically, the site is built using modern web technologies including Next.js and React, hosted likely on AWS infrastructure, and uses Contentful as a CMS. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support, which severely impacts security posture and user trust. No advanced security headers or TLS protocols are enabled, and DNSSEC is not configured. Privacy compliance is addressed with a privacy policy and cookie consent mechanism, but no direct contact information or incident response details are provided. Overall, the site is functional and professionally designed but requires urgent security improvements to protect users and maintain credibility.

J

Joyn ist im Ausland nur begrenzt nutzbar

joyn.ch

0

Joyn.ch is a regional streaming media platform targeting German-speaking users in Switzerland, with sister sites in Germany and Austria. The service offers free and subscription-based tiers with geo-restrictions limiting usage abroad. Technically, the site is built on a modern Next.js framework hosted on Vercel, using GraphQL APIs and secure email services. The SSL configuration is strong with TLS 1.3 support and robust security headers, though HSTS is not fully enabled. Privacy and cookie policies are not present on the analyzed page, and no direct contact information is provided, which impacts compliance and trust. Overall, the site is professionally designed and performs well, but improvements in privacy transparency and incident response readiness are recommended.

J

Joyn

joyn.at

0

Joyn.at is a regional streaming media platform targeting German-speaking users in Austria, Germany, and Switzerland. The service offers video content with geo-restrictions limiting access outside these countries. The website is built using modern web technologies including Next.js and React, hosted on AWS infrastructure. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Privacy and cookie policies are present, indicating some compliance with GDPR requirements, but no explicit security or incident response policies are found. Overall, the site provides a professional user experience but requires significant improvements in security posture to protect user data and enhance trust.

G

Grover Deutschland GmbH

grover.com

0

Grover Deutschland GmbH operates a leading European tech rental platform offering flexible monthly rentals of a wide range of consumer electronics including smartphones, laptops, cameras, gaming consoles, and smart home devices. The company emphasizes sustainability by promoting product reuse and reducing electronic waste. Their business model includes optional insurance coverage (Grover Care) and a referral program (Grover Cash) to enhance customer engagement. Technically, the website is built on modern frameworks such as Next.js and React, hosted on Cloudflare, and integrates various analytics and marketing tools like Datadog, Segment, and Braze. Security measures are robust with HTTPS, HSTS, CSP, and secure cookie settings, although DNSSEC and CAA records are not implemented. The site is well-optimized for performance, mobile responsiveness, and accessibility, providing a professional and trustworthy user experience.

F

FRIDAY Versicherungen

friday.de

0

FRIDAY Versicherungen is a German digital insurance provider offering flexible and simple online insurance services, including a customer portal (MyFRIDAY) and claims reporting. The company is majority owned by Baloise and has recently ceased offering new insurance products, focusing on servicing existing contracts. The website is built on modern web technologies such as Next.js and Prismic CMS, hosted on AWS infrastructure. While the site provides good content quality, clear navigation, and GDPR-compliant privacy policies, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Email authentication is well configured with SPF and DMARC policies. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

S

Sanity Group GmbH

sanitygroup.com

0

Sanity Group GmbH is a Berlin-based cannabis company positioned as one of Europe's leading players in the cannabis healthcare sector. The company focuses on unlocking the health benefits of cannabinoids through medical advisory, political advisory, and scientific pilot projects, including cannabis dispensaries in Germany and Switzerland. Their business model integrates medical expertise and regulatory engagement to support cannabis legalization and harm reduction. The website reflects a medium-sized enterprise with a professional online presence, targeting European consumers, healthcare professionals, and policymakers. Technically, the site is built on WordPress with Elementor and Yoast SEO, leveraging modern marketing and tracking tools such as Klaviyo and Google Tag Manager. However, the absence of a valid SSL certificate severely impacts the security posture, despite the presence of several security headers and a privacy-compliant cookie consent mechanism. Overall, the site is content-rich and professionally designed but requires urgent improvements in SSL/TLS configuration to ensure secure communications and trust.

O

ottonova Krankenversicherung AG

ottonova.de

0

Ottonova Krankenversicherung AG is a digitally advanced private health insurance provider based in Germany, founded in 2015. The company offers a range of private health insurance products including full coverage, supplementary dental and hospital insurance, and corporate health insurance, all delivered through a modern app-based platform. Ottonova positions itself as an innovative market player with high customer satisfaction and multiple industry awards. Technically, the website is built on Craft CMS and hosted on AWS infrastructure, employing modern JavaScript frameworks and consent management tools. However, a critical security issue is the lack of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy policies and cookie consent mechanisms are comprehensive and GDPR compliant. Overall, the website demonstrates strong business credibility and user experience but requires urgent security improvements to protect user data and maintain trust.

V

vedisys AG

vedisys.de

0

vedisys AG is a German software company specializing in providing modular, scalable software solutions for public transport companies (ÖPNV). Their flagship product, AMIS®7, supports multichannel sales, subscription management, ticketing, and customer dialogue platforms. The company has a strong market presence since 1996 and integrates with partner platforms such as mobilityportal® and payment services like Payone. The website reflects a professional and comprehensive digital presence with detailed product information, customer testimonials, and news updates. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security gap. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the security posture is basic and requires urgent improvements to SSL/TLS and security headers to protect user data and enhance trust.

U

Unit M GmbH

unit-m.de

0

Unit M GmbH is a German-based specialist company focused on automating routine tasks in B2B sales and customer service, leveraging over 30 years of industry experience. The company offers a comprehensive suite of services including B2B eCommerce webshops, spare parts shops for mechanical engineering, customer portals, configurators, and IT consulting services. Their market position is strengthened by a solid client portfolio featuring well-known brands and recognized innovation funding. Technically, the website is built on WordPress with the Divi theme, integrating modern tools like Cookiebot for privacy compliance and Matomo for analytics. However, the site suffers from a critical security issue due to an invalid SSL certificate and lack of modern TLS protocol support, which undermines its security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the website is professional, content-rich, and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

L

Landitec GmbH

landitec.de

0

Landitec GmbH is a medium-sized German company specializing in high-quality, flexible, and high-performance appliance solutions and services for the B2B sector. They focus on tailored IT security and network solutions, including hardware appliances, virtualization, SD-WAN, and industrial applications. The company holds a strong market position as an OPNsense Platinum Partner and collaborates with several notable technology providers such as Barracuda, 6WIND, and SECUDOS. Their offerings include customized appliances, pre-installed systems, and comprehensive customer support through an online portal. Technically, the website is built on Joomla CMS with Helix Ultimate framework and utilizes modern web technologies including Bootstrap 5 and jQuery. They employ Google Tag Manager and Google reCAPTCHA for analytics and security. However, a critical security gap is the absence of HTTPS/SSL, which significantly impacts their security posture. The site is mobile-optimized with good content quality and SEO practices. From a security perspective, while some security headers are present, the lack of SSL/TLS encryption, HSTS, and modern TLS protocols exposes the site to potential risks. No explicit security or incident response policies were found. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism. Overall, the site is professional and trustworthy in content and business representation but requires urgent security improvements to protect data and enhance user trust.

E

E-MEDIAD GmbH

e-mediad.de

0

E-MEDIAD GmbH is a small, established creative agency based in Cologne, Germany, specializing in digital design, web development, and branding services since 2002. The company targets businesses and startups seeking professional digital and design solutions. Their website showcases a professional design with a rich portfolio and clear navigation, indicating a strong market position in the regional creative services sector. Technically, the website is built on WordPress using Elementor and LayerSlider, with additional plugins for SEO and cookie consent management. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Security headers are well implemented, but the absence of modern TLS protocols and strong cipher suites reduces overall security. Privacy compliance is good, with clear privacy and cookie policies and consent mechanisms in place. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to meet modern security standards.

E

eCube GmbH

ecube.de

0

eCube GmbH is a German-based software development and consulting company specializing in sustainable software ecosystems and e-commerce architecture. They serve businesses seeking innovative, scalable digital solutions with a focus on technical excellence and long-term planning. Their market position is that of a trusted specialist with strong partnerships and a portfolio of successful case studies. Technically, the website is built on WordPress with modern SEO and multilingual support, though performance optimization is needed due to slow load times. Security posture is strong with HTTPS, valid SPF and DMARC policies, and no critical vulnerabilities detected, but improvements like HSTS and DNSSEC are recommended. Privacy compliance is well addressed with comprehensive cookie consent and GDPR-aligned privacy policies. Overall, eCube demonstrates a professional and trustworthy online presence with clear business and technical maturity.

V

VersicherungsCheck24

versicherungscheck24.de

0

VersicherungsCheck24 is a German-based online insurance comparison portal offering a wide range of insurance products for both private and business customers. The platform provides professional and independent comparisons, helping users find the best insurance tariffs tailored to their needs. The website is built on WordPress using Elementor and integrates modern web technologies such as Alpine.js and Google Tag Manager for analytics and marketing. While the site offers comprehensive content and good user experience, its performance is somewhat slow due to a large page size and many resources. Security posture is adequate with HTTPS and SPF/DMARC configured, but lacks advanced security headers like HSTS and OCSP stapling. Privacy compliance is present with a detailed privacy policy, though no explicit cookie consent mechanism was detected. Overall, VersicherungsCheck24 demonstrates a solid market position in the German insurance comparison sector with a trustworthy and professional online presence.

T

TelemaxX Telekommunikation GmbH

telemaxx.de

0

TelemaxX Telekommunikation GmbH is a well-established provider of high-security data center services, managed IT services, colocation, and telecommunications based in Karlsruhe, Germany. Founded in 1999, the company operates multiple certified data centers and owns a substantial fiber optic network, positioning itself as a regional leader with a strong shareholder base. Their service portfolio includes cloud services, secure telecommunications, and comprehensive managed services tailored to business customers. Technically, the website is built on TYPO3 CMS with modern frameworks and integrates analytics and marketing tools such as Matomo and Google Tag Manager. However, the security posture is impacted by an invalid SSL certificate and lack of advanced security headers, which should be addressed to enhance trust and compliance. Overall, the site demonstrates excellent content quality, professional design, and strong business credibility, though improvements in security and privacy mechanisms are recommended.

C

CyberForum e.V.

cyberlab-karlsruhe.de

0

CyberLab Karlsruhe is a well-established startup accelerator and community hub operating under CyberForum e.V. It offers comprehensive services including founding consulting, accelerator programs, coworking spaces, mentoring, coaching, and investment facilitation. The website targets startups and entrepreneurs primarily in Germany, positioning itself as a key regional player with over 28 years of experience and a large active network. Technically, the site is built on TYPO3 CMS, uses modern TLS protocols, and integrates various frontend libraries and APIs, though performance is hindered by a high number of resources and slow load times. Security posture is adequate with HTTPS and SPF records but lacks advanced features such as HSTS, OCSP stapling, DMARC, DNSSEC, and certificate transparency compliance. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is professional, trustworthy, and content-rich, but could improve technical and security aspects to enhance user experience and protection.

M

Mpirical

mpirical-lms.com

0

Mpirical LMS is an educational technology platform providing a Moodle-based learning management system primarily targeting educational institutions and learners. The platform integrates Microsoft 365 for user authentication and incorporates video content via Vimeo, indicating a focus on multimedia learning experiences. The business operates a niche SaaS model within the education sector, with a relatively small scale and basic public-facing content. Technically, the website is built on Moodle with YUI JavaScript libraries and uses OAuth2 for authentication. However, the site suffers from significant performance issues with a slow load time and lacks modern SEO and accessibility optimizations. The absence of a valid SSL certificate and HTTPS implementation is a critical security flaw, exposing users to potential data interception risks. The site also lacks essential security headers and cookie consent mechanisms, which further weakens its security posture and privacy compliance. From a security perspective, the platform shows minimal adherence to best practices. The lack of HTTPS, no HSTS, no DNSSEC, and missing DMARC reporting emails are notable vulnerabilities. No incident response or security policy information is publicly available, and no certifications or vulnerability disclosure policies are evident. These gaps present risks to user data protection and regulatory compliance. Overall, the website's risk profile is elevated due to poor security configurations and slow performance. Strategic improvements in SSL deployment, security headers, privacy compliance, and performance optimization are recommended to enhance trustworthiness and protect user data effectively.

A

AXESS Networks

axessnet.com

0

AXESS Networks is a specialized provider of satellite connectivity and telecommunications solutions targeting enterprise customers across multiple sectors including energy, telecommunications, maritime, government, and humanitarian services. The company operates a global infrastructure with teleports in Germany, Mexico, Colombia, UAE, and Peru, and is part of the Hispasat group, enhancing its market position and credibility. The website demonstrates a mature digital presence with multilingual support, comprehensive service offerings, and clear navigation. Technically, the site is built on WordPress with modern plugins and frameworks, optimized for performance and mobile responsiveness. Security posture is strong with HTTPS, TLS 1.3 support, OCSP stapling, and appropriate security headers, though improvements like HSTS and DNSSEC could be implemented. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the site reflects a professional and trustworthy business with a solid technical foundation.

H

Hispasat

hispasatwave.com

0

Hispasat Wave is a specialized managed services platform focusing on satellite connectivity solutions for ISPs, telecommunications providers, media companies, and government entities. The company leverages a global satellite fleet combined with local partnerships to deliver broadband, video distribution, and OTT streaming services, primarily targeting Latin America and other global markets. The website reflects a mature digital presence with professional content, clear navigation, and multilingual support. Technically, the site is built using modern frameworks like Astro, hosted on Netlify, and employs best practices in performance and mobile optimization. Security posture is solid with HTTPS enforced, strong cipher suites, and standard security headers, though improvements such as enabling DNSSEC, DMARC, and enhanced HSTS policies are recommended. Privacy compliance is addressed with clear cookie and privacy policies and a consent mechanism, but GDPR compliance indicators could be strengthened. Contact is primarily via a web form, with no direct emails or phone numbers published. Overall, the site demonstrates a high level of professionalism and trustworthiness, suitable for its B2B audience.

R

Redeia

redeia.com

0

Redeia is a leading global manager of essential electricity and telecommunications infrastructures, primarily operating in Spain and Latin America. The company emphasizes sustainability, corporate governance, and a commitment to a just ecological transition. Technically, the website is built on Drupal 10 with modern libraries and is served via Imperva CDN, ensuring good performance and security. The security posture is strong with HTTPS, OCSP stapling, and secure cookie settings, though improvements in HSTS and DNS security are recommended. Privacy and cookie policies are present with consent mechanisms, indicating good compliance. Overall, Redeia presents a professional, trustworthy, and well-structured digital presence.

C

canadianlawyer.ca

canadianlawyer.ca

0

The website canadianlawyer.ca is currently a parked domain with no active business content or services. It primarily serves advertisements through Bodis and Google Adsense, indicating a business model focused on domain parking and monetization rather than providing legal or media services. The site lacks any identifiable company information, contact details, or social media presence, limiting its engagement with users and potential clients. Technically, the site is hosted via Bodis nameservers and does not employ modern security measures such as SSL/TLS encryption, DNSSEC, or security headers, resulting in a low security posture. Performance is suboptimal with a slow page load time and minimal mobile optimization. Privacy compliance is minimal, with a privacy policy page present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site presents a low-trust, low-engagement profile with significant room for improvement in security, user experience, and business transparency.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 12 security findings identified across all modules.

C

Colina Tech

colinatech.com.br

0

Colina Tech is a Brazilian digital marketing agency specializing in SEO, paid traffic, website development, and inbound marketing services. The company serves over 100 active clients across Brazil and holds multiple industry certifications such as Google Partner and Meta Business Partner, positioning itself as a technically proficient and data-driven marketing partner. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, the site is built on WordPress with modern JavaScript libraries and performance optimizations, but lacks HTTPS, which is a critical security shortfall. Security posture is weak due to absence of SSL/TLS, HSTS, and modern TLS protocols, exposing the site to potential risks. Privacy compliance is basic, with no cookie consent mechanism despite use of tracking tools. Contact information is clearly provided, enhancing business credibility. Strategic recommendations include immediate SSL certificate installation, enabling security headers, and implementing privacy consent mechanisms to improve trust and compliance.

A

absence.io GmbH

absence.io

0

absence.io GmbH is a medium-sized technology company based in Germany specializing in SaaS solutions for absence management, time tracking, digital personnel files, and expense management. The company serves over 2,500 companies and 100,000 users, positioning itself as a reliable and trusted provider in the HR software market. Their platform supports multiple languages and integrates with major services like Google Workspace, Microsoft 365, and Slack, enhancing usability and enterprise adoption. The website demonstrates a strong brand presence with multiple trust signals including ISO certification and positive customer testimonials. Technically, absence.io uses TYPO3 CMS with a modern JavaScript stack including jQuery, Bootstrap, and Swiper for UI components. Hosting is on DigitalOcean with DNS managed via AWS Route53. The site supports TLS 1.3 and 1.2 but lacks advanced SSL features like HSTS and OCSP stapling. Cookie consent is managed via Usercentrics CMP, and analytics are extensive using HubSpot, Google Analytics, and Crazy Egg. Performance is moderate to slow, likely due to large page size and resource count. Security posture is solid with ISO-certified servers, daily backups, SPF and DMARC email protections, and SSL encryption. However, DNSSEC is not enabled, and CAA records are malformed. No public vulnerability disclosure or security.txt file was found. Privacy policies and terms of service are present and GDPR compliant. Overall, the company demonstrates a mature security and compliance stance but could improve SSL and DNS security features. Strategically, absence.io is well positioned in the HR SaaS market with a comprehensive product suite and strong customer trust. Continued investment in security hardening and performance optimization will enhance their competitive edge and customer confidence.

G

Grupa Pracuj S.A.

grupapracuj.pl

0

Grupa Pracuj S.A. is a leading European HR Tech platform headquartered in Poland, specializing in digital recruitment and HR process automation. The company operates multiple subsidiary brands including Pracuj.pl and Robota.ua, serving both job seekers and employers with technology-driven solutions. Their market position is strong within the HR technology sector, supported by a large workforce and a broad client base. Technically, the website leverages modern tracking and analytics tools such as Google Tag Manager and Microsoft Clarity, hosted on Azure and using Cloudflare DNS services. However, performance is somewhat slow with a load time exceeding 7 seconds. Security posture is adequate with valid SSL and SPF/DMARC records, but lacks advanced protections like HSTS, DNSSEC, and CAA records. No explicit security or incident response policies are publicly available. Overall, the website is professional, well-branded, and compliant with GDPR and cookie consent requirements, but could improve in security hardening and performance optimization.

F

Fieldfisher

fieldfisher.com

0

Fieldfisher is a prominent European law firm with a strong market position in key dynamic sectors such as technology, financial services, energy, and life sciences. The firm operates through 25 offices across 13 countries, providing comprehensive legal services tailored to a diverse client base. Their website reflects a mature digital presence with a focus on user experience, accessibility, and international reach. Technically, the infrastructure leverages modern web technologies including Kentico CMS, Cloudflare for hosting and security, and Cloudinary for media delivery, ensuring moderate performance and good mobile optimization. Security posture is solid with strong TLS configurations, DMARC enforcement, and SPF records, although there are opportunities to enhance HTTPS security by enabling HSTS and TLS 1.3 support. Privacy and compliance are well addressed with visible cookie consent mechanisms and comprehensive privacy policies. Overall, Fieldfisher demonstrates a high level of professionalism and trustworthiness in both business and technical domains.

P

Planon

planonsoftware.com

0

Planon is a leading global provider of Smart Sustainable Building Management software solutions, connecting buildings, people, and processes to optimize workspace management and building performance. With a strong market position recognized by industry analysts such as Verdantix, IDC, Gartner, and Frost & Sullivan, Planon offers a comprehensive suite of services including Integrated Workplace Management, Campus Management, Lease Accounting, and Field Services. Their platform supports IoT-enabled solutions and is designed to meet the evolving needs of real estate and facilities management professionals worldwide. Technically, Planon's website leverages modern web technologies including jQuery, Bootstrap, Swiper, and Choices.js, integrated with advanced analytics and A/B testing tools like Google Analytics and Visual Website Optimizer. The site is hosted on Yourhosting DNS infrastructure and employs secure TLS 1.2 encryption with strong cipher suites. Cookie consent is managed via Cookiebot, ensuring compliance with GDPR and other privacy regulations. From a security perspective, Planon demonstrates good practices with SPF and DMARC email policies, absence of known SSL vulnerabilities, and a strict DMARC reject policy. However, there are opportunities to enhance security by enabling HSTS, OCSP stapling, TLS 1.3 support, and DNSSEC. No explicit vulnerability disclosure or incident response contacts were found, indicating potential areas for improvement in transparency and security readiness. Overall, Planon maintains a high-quality, professional web presence with strong trust indicators and comprehensive compliance measures. Strategic enhancements in security configurations and public disclosure policies could further strengthen their security posture and stakeholder confidence.

E

edu.za

edu.za

0

The edu.za domain is associated with the education sector in South Africa, likely serving as a domain registry or portal for educational institutions. However, the website is currently non-functional, displaying a database connection error that prevents access to any meaningful content or services. The technical infrastructure is minimal, running on Apache with PHP 7.4.33, but lacks modern security configurations such as a valid SSL certificate and TLS support. The absence of security headers, DNSSEC, and email authentication mechanisms further weakens the security posture. There are no visible privacy or cookie policies, contact information, or business details, indicating a lack of transparency and user engagement. Overall, the site exhibits poor performance, accessibility, and security maturity, posing risks to users and stakeholders.

S

SAE University College

sae.edu.au

0

SAE University College is a leading higher education provider specializing in creative media and technology courses across Australia and internationally. It offers a wide range of industry-led programs in Animation, Audio, Design, Film, Games, Music, and related fields. The institution is part of the Navitas Group and holds important accreditations such as TEQSA and CRICOS, positioning it as a reputable player in the education sector. Technically, the website is built on WordPress with modern technologies and integrates multiple marketing and analytics tools, reflecting a mature digital presence. Security-wise, the site supports modern TLS protocols and has some best practices in place but is vulnerable to subdomain takeover and lacks HSTS enforcement, indicating areas for improvement. Overall, SAE University College maintains a professional and trustworthy online presence with comprehensive content and good user experience, though it should enhance its security posture and privacy compliance mechanisms.

T

The Luxury Collection

lc.com

0

The Luxury Collection website represents a premium luxury hospitality brand under Marriott International, offering curated boutique hotels and resorts worldwide. The site targets affluent travelers seeking unique cultural and luxury experiences. The business is positioned as a high-end brand within the global hospitality industry, leveraging Marriott's extensive portfolio and brand recognition. Technically, the site is built on WordPress with React components, hosted on WP Engine and served via Cloudflare CDN. It employs modern SEO practices including structured data and Yoast SEO plugin, and integrates multimedia content such as Brightcove videos and Google Maps. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security gap. Security headers are partially implemented but could be enhanced with additional controls. The site shows GDPR compliance through DMARC and SPF records but lacks visible cookie consent mechanisms. Overall, the security posture is moderate with room for improvement in encryption and security best practices. Strategic recommendations include immediate SSL implementation, enabling modern TLS protocols, and enhancing security headers to protect user data and improve trust. The site demonstrates excellent design, content quality, and user experience, reflecting its luxury market positioning.

O

Overture Maps Foundation

overturemaps.org

0

Overture Maps Foundation is a Linux Foundation affiliated project focused on providing free and open map data to support developers and organizations building map services and geospatial applications. The foundation emphasizes collaborative map building, data interoperability, quality assurance, and structured data schemas to create a reliable and easy-to-use open map data ecosystem. Their market position is that of a key contributor and integrator in the open geospatial data space, leveraging partnerships with major open source and industry organizations. Technically, the website is built on WordPress with a modern theme and plugins for SEO and event management, but suffers from performance issues and lacks a valid SSL certificate, which impacts security and user trust. Security posture is basic with no advanced headers, no DNSSEC, and no published vulnerability disclosure or incident response policies. The site uses Google Tag Manager for analytics and marketing, but lacks explicit cookie consent mechanisms. Overall, the website is professionally designed and content-rich, targeting developers and community members interested in open map data.

G

Geomatex Integrated Solutions

geomatex.com

0

Geomatex Integrated Solutions is a specialized geo-intelligence system integrator based in Egypt, focusing on reality modelling applications that serve CAD, GIS, BIM, and Digital Twin technologies. The company positions itself as a regional leader with a highly experienced team offering key services such as As-Built Documentation, Ground Penetrating Radar, Drone Services, and 3D laser scanning. Their target audience includes clients across various sectors requiring advanced geo-intelligence solutions. Technically, the website employs common web technologies like jQuery and Bootstrap but suffers from slow performance and lacks modern security configurations. The SSL certificate is invalid, and no advanced security headers or DNS protections are in place, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanisms detected and only a basic privacy policy present. Overall, the business demonstrates moderate digital maturity but requires significant improvements in security and privacy to enhance trust and compliance.

Ansys Inc is a leading enterprise in the technology sector specializing in engineering simulation and 3D design software. The company offers a comprehensive suite of products and services targeting industries such as aerospace, automotive, energy, healthcare, and manufacturing. Their global presence and strong partner ecosystem position them as a market leader in digital engineering solutions. The website demonstrates excellent content quality, professional design, and clear navigation, catering to a diverse audience including students, educators, and industry professionals. Technically, the site leverages modern technologies such as Adobe Experience Manager, Coveo Search, and Akamai CDN, but suffers from significant security shortcomings including the absence of a valid SSL certificate and lack of modern TLS protocols. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, while the business credibility and content quality are high, the security posture requires urgent improvements to ensure secure user interactions and data protection.

S

Seequent

mxdeposit.net

0

Seequent is a New Zealand-based company specializing in geological and geotechnical data management solutions, with a strong focus on the mining and energy sectors. Their flagship product, MX Deposit, is a cloud-based platform designed to streamline the collection, management, and sharing of drillhole and sample data. The company operates under the parent company Bentley Systems, leveraging a subscription-based SaaS model with multiple user plans to cater to different operational needs. The website demonstrates a high level of professionalism, clear content structure, and consistent branding, targeting professionals in mining, exploration, and geotechnical fields. Technically, the website is built on WordPress with extensive use of modern JavaScript libraries and performance optimization tools such as NitroPack. It integrates several marketing and analytics tools including Segment, Marketo, and Google Tag Manager, indicating a mature digital marketing strategy. However, the primary domain mxdeposit.net lacks a valid SSL certificate and modern TLS support, which is a critical security concern. The main content and corporate information reside on seequent.com, which appears to be better maintained. From a security perspective, the site has implemented strict SPF and DMARC policies, but lacks essential SSL/TLS configurations, HSTS, and DNSSEC, exposing it to potential risks. No explicit security or incident response policies are found, which could be a gap in transparency and readiness. The presence of comprehensive privacy and terms of service pages indicates good compliance posture, including GDPR considerations. Overall, Seequent's MX Deposit website is a well-structured, content-rich platform with strong business and marketing foundations but requires urgent improvements in its security infrastructure to protect user data and enhance trust. Strategic recommendations include immediate SSL deployment, enabling modern security protocols, and publishing clear security and incident response policies.

A

Authopia by NordPass

authopia.io

0

Authopia by NordPass is a technology company specializing in passwordless authentication solutions, leveraging passkey technology to provide secure and frictionless user login experiences. The company targets developers and organizations seeking to modernize their authentication methods by integrating a pre-built widget and APIs. Positioned as a modern SaaS provider in the authentication space, Authopia emphasizes ease of integration and enhanced security through passwordless login flows. The website reflects a professional and consistent brand image with clear calls to action and developer resources. Technically, the website is built on modern frameworks such as Next.js and React, hosted on AWS infrastructure, and uses Google Analytics for user tracking. However, the website suffers from critical security issues including an invalid SSL certificate and lack of modern TLS protocol support, which significantly impacts its security posture. Privacy and cookie policies are present with consent mechanisms, but no explicit security or incident response policies are found. Overall, while the business model and technical infrastructure show promise, the security configuration requires urgent remediation to ensure trust and compliance.

E

Error 404 (Not Found)!!1

googletagmanager.com

0

The analyzed website at googletagmanager.com currently serves a 404 error page with no substantive content or metadata. It does not provide any business, contact, or policy information, indicating it is not intended as a public-facing informational site. The domain is registered and hosted on Google infrastructure but lacks a valid SSL certificate and modern security configurations, exposing it to potential security risks. The absence of privacy, cookie, or terms of service policies suggests no compliance posture is established on this endpoint. Overall, the site is non-functional for end users and lacks business or security maturity indicators.

D

DWS Asset Management

dws.com

0

DWS Asset Management is a leading global asset manager headquartered in Germany, offering a broad range of investment solutions including active, passive, and alternative investments. The company is well-positioned in the finance sector with a strong reputation for stability, innovation, and ESG integration. Technically, the website leverages modern frontend frameworks such as Vue.js and PrimeVue, with integrated video content via Brightcove, and uses Tealium for tag management and analytics. The security posture is solid with valid SSL certificates, SPF and DMARC email protections, and no known SSL vulnerabilities, though improvements such as enabling HSTS, DNSSEC, and security headers are recommended. Overall, the website demonstrates high professionalism, good privacy compliance, and a strong trust profile, serving a global financial professional and investor audience.

D

DWS Asset Management

deutscheawm.com

0

DWS Asset Management is a leading global asset manager headquartered in Germany, offering a broad range of investment solutions including active, passive, and alternative investments. The company is recognized for its expertise in ESG and sustainability investing, serving financial professionals, individual, and institutional investors. The website reflects a mature digital presence with modern frontend technologies and comprehensive content tailored to its target audience. Technically, the site employs Vue.js, PrimeVue, and Brightcove for video delivery, with robust analytics and tag management via Tealium and Webtrekk. Security posture is strong with enforced DMARC policies, SPF, and TLS 1.3 support, though improvements such as enabling HSTS and OCSP stapling are recommended. Overall, the site demonstrates high professionalism, trustworthiness, and compliance with GDPR, supported by clear privacy and cookie policies.

D

DWS Asset Management

deutscheam.com

0

Security assessment completed with an overall score of 50/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 24 security findings identified across all modules.

I

Infront

vwd.com

0

Infront is a well-established provider of market data and trading software solutions, primarily serving the wealth management and trading sectors. With over 35 years of experience, the company positions itself as an industry leader trusted by thousands of businesses and professional users. Their offerings include a broad range of WealthTech solutions such as trading connectivity, portfolio management, APIs and data feeds, valuation and risk services, and news services. The website reflects a mature digital presence built on Adobe Experience Manager, integrating advanced marketing automation and analytics tools to support lead generation and customer engagement. However, a critical security lapse is noted with an expired SSL certificate, which undermines user trust and security posture. The site employs strong security headers and content security policies but lacks some advanced SSL features like OCSP stapling and HSTS preload. Overall, Infront demonstrates a high level of professionalism, branding consistency, and technical sophistication, though immediate remediation of SSL issues is recommended.

D

Dealogic

dealogic.com

0

Dealogic is a leading provider of software and data solutions for the global capital markets, serving top financial firms worldwide. As part of ION Analytics, Dealogic offers platforms tailored for investment banking, capital markets, syndicate, sales, trading, research, investment managers, and corporations. Their business model focuses on delivering industry-standard data and connectivity solutions that enhance deal-making, compliance, and market insights. The company maintains a strong market position as a trusted partner with extensive media presence and client base. Technically, the website is built on WordPress hosted on Microsoft Azure, leveraging modern web technologies including TLS 1.3, OCSP stapling, and multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and 6sense. The site supports multiple languages and demonstrates good performance and mobile optimization, although accessibility is basic. From a security perspective, Dealogic implements strong email authentication with SPF and DMARC policies, uses secure TLS protocols, and has OCSP stapling enabled. However, it lacks HSTS enforcement, DNSSEC, and certificate transparency compliance. No explicit security policy or incident response information is published, and cookie consent mechanisms are not evident. The security posture is good but could be improved with additional best practices. Overall, Dealogic's website reflects a mature enterprise with strong branding, comprehensive business offerings, and a solid technical foundation. Strategic improvements in security transparency and privacy compliance would enhance trust and reduce risk exposure.

B

Berenberg

berenberg-us.com

0

Berenberg is a historic and well-established financial institution founded in 1590 in Hamburg, Germany. It operates globally with a strong presence in Europe and the USA, offering a broad range of financial services including investment banking, corporate banking, asset management, and fund management. The company is positioned as a leading advisor in Europe with a large equity research team covering over 800 European companies. Technically, the website employs modern web technologies and structured data to enhance SEO and user experience. However, the berenberg-us.com domain currently lacks a valid SSL certificate and modern TLS support, which poses a significant security risk. The company demonstrates good compliance with GDPR and cookie consent regulations, and maintains a comprehensive privacy and security policy. Overall, Berenberg shows a mature digital presence but should urgently address its SSL/TLS configuration to improve security posture and trust.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 8 security findings identified across all modules.

B

BHW Bausparkasse AG

bhw-partner.de

0

BHW Bausparkasse AG operates the BHW Partner portal, a dedicated platform for partners and financial advisors offering building savings and financing products in Germany. The website provides product information, tools, forms, and partner support services, positioning itself as a key player in the German finance sector specializing in Bausparen and Baufinanzierung. The site is professionally designed with consistent branding and good content quality, targeting financial partners and advisors. Technically, the website is built on Adobe Experience Manager CMS and integrates Webtrekk analytics for user tracking. However, the site currently lacks a valid SSL certificate and modern TLS configurations, which is a significant security concern. The presence of strong SPF and DMARC policies indicates good email security practices. Overall, the security posture is basic with room for improvement in SSL/TLS deployment and security headers. The website complies with GDPR and provides clear privacy and cookie policies with consent mechanisms. Strategic recommendations include upgrading SSL/TLS, enabling HSTS, and enhancing DNS security to improve trust and compliance.

S

Solvians IT-Solutions GmbH

ivestor.de

0

Ivestor.de is a German financial portal operated by Solvians IT-Solutions GmbH, providing stock prices, currency and commodity rates, and intelligent search tools for investment certificates and leveraged products. The website targets investors and financial market participants in Germany, offering relevant financial news and market data. Technically, the site is built on Angular 14.2.6, uses Matomo for analytics, and employs Microsoft Outlook services for email. The SSL configuration supports TLS 1.2 and 1.3 but lacks advanced security features like HSTS and OCSP stapling. DNS records are properly configured with SPF but lack DNSSEC and DMARC, indicating room for email security improvements. The website's performance is slow, with a load time exceeding 16 seconds, but it is mobile-optimized and SEO-friendly. Security posture is moderate with no critical vulnerabilities detected but could benefit from enhanced security headers and email authentication. Overall, ivestor.de presents a professional and trustworthy financial information service with a solid technical foundation but requires improvements in security and performance to enhance user trust and compliance.

C

Caisse d'Epargne de Nyon | Régionale et fière de l'être

cen.ch

0

Security assessment completed with an overall score of 50/100 (unknown risk). 11 high-priority issues should be addressed promptly. Total of 29 security findings identified across all modules.