Is dingchengdanbao.com Safe? Security Analysis for 广东鼎成工程担保有限公司
Check if dingchengdanbao.com is a scam or legitimate. Free security scan and reviews.
AI Summary
广东鼎成工程担保有限公司是一家成立于2018年的专业工程担保服务供应商,拥有国有控股背景和超过50亿人民币的银行授信额度。公司专注于为建筑工程相关企业提供多种保函服务,包括投标保函、履约保函、支付保函等,业务覆盖广东及全国市场。网站内容丰富,展示了公司的业务流程、合作伙伴及新闻资讯,体现出较强的市场竞争力和专业形象。技术上,网站采用了现代前端技术如jQuery和Swiper,集成了百度统计和在线客服系统,具备良好的用户体验和移动优化。安全方面,网站使用HTTPS,但缺乏安全头部配置和隐私合规政策,存在一定的合规风险。WHOIS信息缺失,影响域名信任度,但整体业务信息和网站表现显示公司具备一定的市场信誉。建议加强隐私合规和安全防护措施以提升整体安全和合规水平。
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
该公司定位于工程担保行业,凭借国有控股背景和强大的银行授信额度,在广东地区具有领先地位。其业务模式以提供多样化的保函产品为核心,帮助企业降低经营风险。网站展示了丰富的合作伙伴资源,包括多家大型银行,增强了其市场信任度。内容专业且针对性强,目标客户为建筑及工程企业。公司规模中等,成立时间较短但发展迅速,显示出良好的成长潜力。合作伙伴和友情链接网络广泛,体现出积极的市场拓展策略。
Extracted Contact Information
Marketing Intelligence Data
Email Addresses (1)
Phone Numbers (1)
Physical Addresses (1)
Security Posture Analysis
Comprehensive Security Assessment
网站整体安全基础较好,使用HTTPS保障数据传输安全,集成了第三方在线客服和百度统计进行用户交互和数据分析。缺少安全头部配置如CSP、HSTS等,存在潜在的安全风险。未发现明显的敏感信息泄露或漏洞。缺乏隐私政策和Cookie同意机制,可能导致合规风险。建议完善安全策略,增加安全头部,明确隐私和数据保护政策,并定期审计第三方脚本安全性。
Strategic Recommendations
Priority Actions for Security Improvement
完善网站隐私政策和Cookie政策,明确用户数据收集和使用方式,确保GDPR及相关法规合规。
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
广东鼎成工程担保有限公司
广东鼎成工程担保有限公司(国有控股)专注工程担保服务,提供农民工工资保函、工程质量保函、工程支付保函等全品类保函解决方案,国有背景保障+银行亿授信,全国项目小时极速出函。
good
consistent
Technical Stack
moderate
good
basic
good
Security Assessment
- HTTPS usage implied by https URLs
- No exposed sensitive data in HTML
- Use of third-party customer service chat with some security features
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is fully accessible with rich content in Chinese language
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
Sensitive data may be cached
LOWCache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
Email Security Check Incomplete
MEDIUMSome email security checks timed out
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 65 days
Mixed Content Detected
MEDIUM5 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 2 of 4 security checks due to time constraints
Certificate Details
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
DNS Records
DNSSEC Status
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
Critical Service Exposed: MySQL
CRITICALPort 3306 (MySQL) is publicly accessible - MySQL - Database server
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings