Is ewcs.ch Safe? Security Analysis for EveryWare AG
https://ewcs.chCheck if ewcs.ch is a scam or legitimate. Free security scan and reviews.
AI Summary
EveryWare AG operates an Open Cloud Authentication Service, providing identity and access management solutions primarily targeting enterprise clients. The website analyzed is a login portal leveraging modern authentication protocols such as OpenID Connect and technologies including Keycloak and PatternFly. The site is designed for secure user authentication but lacks publicly accessible information such as privacy policies, terms of service, or contact details on this page. Technically, the site uses a modern tech stack with React-based UI components and standard security practices like disabling autocomplete on password fields. However, no explicit security headers were detected, and privacy compliance indicators are absent, which could be improved to enhance trust and security posture. Overall, the site is functional and professional but minimalistic in public content.
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
EveryWare AG appears to be a specialized technology company focused on authentication services, likely serving enterprise customers requiring secure cloud-based identity management. The business model centers on providing authentication infrastructure, possibly as a service or integrated solution. The lack of public marketing content or detailed business information on this login page suggests a focus on internal or partner-facing usage. The company is based in Switzerland, aligning with the domain registration data. No evident partnerships or subsidiaries were identified from the provided data. The company’s competitive advantage likely lies in secure, standards-based authentication services leveraging open protocols and modern frameworks.
Security Posture Analysis
Comprehensive Security Assessment
The security posture shows moderate maturity. The use of OpenID Connect and Keycloak indicates adherence to modern authentication standards. Password fields have autocomplete disabled, reducing risk of credential leakage. However, the absence of visible security headers such as Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security is a notable gap. No privacy or cookie policies are presented, which may impact compliance with GDPR and other regulations. Incident response contacts or vulnerability disclosure policies are not found. Overall, the site is secure for authentication purposes but could benefit from enhanced security headers, explicit privacy compliance, and published security policies to improve trust and regulatory adherence.
Strategic Recommendations
Priority Actions for Security Improvement
Implement and enforce security headers including Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
EveryWare AG
EveryWare AG provides an Open Cloud Authentication Service, likely focused on identity and access management solutions.
basic
consistent
Technical Stack
moderate
basic
basic
poor
Security Assessment
- Use of OpenID Connect protocol for authentication
- Password input fields with autocomplete off
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is a login portal for EveryWare AG's Open Cloud Authentication Service.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Weak Strict-Transport-Security configuration
LOWCurrent value: "max-age=16000000; includeSubDomains; preload;"
Weak X-Content-Type-Options configuration
LOWCurrent value: "nosniff, nosniff"
Weak Referrer-Policy configuration
LOWCurrent value: "no-referrer-when-downgrade"
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Privacy Policy found
HIGHGDPR requires a clear and accessible privacy policy
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No information security framework found
HIGHNIS2 requires documented cybersecurity and information security measures
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No security policy documentation found
HIGHNIS2 requires documented cybersecurity governance and risk management
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
Critical sector without clear security compliance
HIGHDetected sectors: transport, digital
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
SPF Details
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
CAA Records Not Configured
LOWCertificate Authority Authorization (CAA) records not found
No DMARC Record
MEDIUMDMARC policy not configured
DNS Records
DNSSEC Status
DNS Performance
SPF Analysis
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
Good Network Security Posture
LOWNo unnecessary services detected on common risky ports
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings
Additional Findings
How did we do?
Your feedback directly shapes our roadmap. Rate the quality of this report, leave an optional comment, and let us know if you want our security specialists to follow up.
What others say about ewcs.ch
Share your experience to help others make informed decisions. We verify every review by email and publish it once our moderation team approves it.
Community rating
—out of 5
0 reviews published