Is mcttp.de Safe? Security Analysis for Vogel IT-Akademie
Check if mcttp.de is a scam or legitimate. Free security scan and reviews.
AI Summary
The website www.mcttp.de represents the Munich Cyber Tactics Techniques & Procedures (MCTTP) conference, organized by Vogel IT-Akademie, a recognized IT training and event company in Germany. The site targets cybersecurity professionals in both corporate and governmental sectors, offering conference agendas, speaker information, tickets, and media partnerships. The business model revolves around event organization and knowledge sharing in cybersecurity, positioning itself as a niche but professional player in the German cybersecurity event market. Technically, the site is built on the Multiscreensite CMS platform, leveraging modern web technologies such as jQuery 3.7.0, Google Tag Manager for analytics, and Consentmanager.net for cookie consent management. It employs HTTPS with good SSL configuration and uses service workers to support progressive web app features. The site is moderately performant, mobile-optimized, and includes SEO best practices, though accessibility features are basic. From a security perspective, the site enforces HTTPS and cookie consent but lacks explicit security headers like CSP or X-Frame-Options. There is no published security policy or incident response contact, nor a vulnerability disclosure program. No vulnerabilities or suspicious content were detected. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is professional, trustworthy, and well-aligned with its business purpose. Recommendations include enhancing security headers, publishing security policies, and improving accessibility to further strengthen the security posture and user experience.
Detected Technologies
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
MCTTP operates as a specialized cybersecurity conference organizer under the Vogel IT-Akademie umbrella. Its competitive advantage lies in its focused content, international speakers, and strong partnerships with media and cybersecurity organizations. Revenue streams likely include ticket sales, sponsorships, and training sessions. The target customers are cybersecurity professionals and organizations in Germany and Europe. Growth indicators include recurring annual events and expanding media partnerships. The partnership ecosystem includes reputable cybersecurity and IT organizations, enhancing credibility and reach.
Extracted Contact Information
Marketing Intelligence Data
Email Addresses (1)
Security Posture Analysis
Comprehensive Security Assessment
The website demonstrates a moderate security maturity level with HTTPS enforcement and cookie consent management. However, it lacks several best practices such as comprehensive security headers, published security policies, and incident response contacts. No direct vulnerabilities or exposed sensitive data were found. Compliance with GDPR is evident through privacy policies and consent mechanisms. The absence of a vulnerability disclosure program and security.txt file indicates room for improvement in transparency and incident handling readiness.
Strategic Recommendations
Priority Actions for Security Improvement
Implement and enforce security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
Vogel IT-Akademie
Eine brandneue Konferenz für zukunftsfähige Cybersecurity in Unternehmen und Behörden.
good
consistent
Technical Stack
moderate
good
basic
good
Security Assessment
- HTTPS enforced
- Consent management for cookies
- Service worker registration for PWA
Analytics & Tracking
Advertising & Marketing
Website Quality Assessment
Key Observations
Website is a professional conference site focused on cybersecurity.
🛡️Security Headers
HTTP security headers analysis and recommendations.
Security Headers
HTTP security headers analysis
Missing Strict-Transport-Security header
HIGHForces HTTPS connections
Missing X-Frame-Options header
HIGHPrevents clickjacking attacks
Missing X-Content-Type-Options header
MEDIUMPrevents MIME type sniffing
Missing Content-Security-Policy header
HIGHControls resources the browser is allowed to load
Missing X-XSS-Protection header
MEDIUMLegacy XSS protection (deprecated but still recommended)
Missing Referrer-Policy header
LOWControls referrer information sent with requests
Missing Permissions-Policy header
MEDIUMControls browser features and APIs
Sensitive data may be cached
LOWCache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
GDPR Compliance
Privacy and data protection assessment
No Cookie Policy found
HIGHGDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGHGDPR requires explicit consent for non-essential cookies
No Data Protection Officer mentioned
LOWLarge organizations may need to designate a DPO under GDPR
Privacy policy may not be GDPR compliant
MEDIUMPrivacy policy lacks explicit GDPR compliance elements
EU business without adequate privacy measures
CRITICALEU businesses are subject to strict GDPR requirements
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
NIS2 Compliance
Network & Information Security Directive
No vulnerability disclosure policy
MEDIUMNIS2 encourages coordinated vulnerability disclosure
No incident response procedures found
HIGHNIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUMNIS2 emphasizes operational resilience and business continuity
No security contact information
HIGHNIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUMClear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOWConsider explicitly mentioning NIS2 compliance efforts
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
Email Security
SPF, DKIM, and DMARC validation
No DMARC reporting
LOWDMARC aggregate reports not configured
No DKIM record found
MEDIUMDKIM adds cryptographic signatures to emails
No BIMI Record
LOWBIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUMMTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOWTLS-RPT provides reporting for email TLS issues
SPF Details
DMARC Details
🏆SSL/TLS Security
Certificate validity and encryption analysis.
SSL/TLS Security
Certificate validity and encryption analysis
Weak Protocols Supported
HIGHServer supports weak protocols: TLSv1.1
OCSP Stapling Not Enabled
LOWOCSP stapling improves performance and privacy
Certificate Transparency Not Implemented
LOWCertificate is not logged in Certificate Transparency logs
SSL Certificate Expires Within 90 Days
MEDIUMSSL certificate expires in 50 days
Mixed Content Detected
MEDIUM1 resources loaded over insecure HTTP
Partial SSL/TLS Assessment
LOWCompleted 3 of 4 security checks due to time constraints
Protocol Support
OCSP Status
📊DNS Health
DNS configuration and security assessment.
DNS Health
DNS configuration and security assessment
DNSSEC Not Enabled
MEDIUMDNSSEC is not configured for this domain
Domain Transfer Lock Not Enabled
MEDIUMDomain can be transferred without authorization
Domain Delete Lock Not Enabled
LOWDomain can be deleted without additional verification
Domain Registration Details
- •No domain protection locks enabled
DNS Records
DNSSEC Status
DNS Performance
SPF Analysis
⚡Network Security
Port scanning and network exposure analysis.
Network Security
Port scanning and network exposure analysis
Good Network Security Posture
LOWNo unnecessary services detected on common risky ports
🔧Technical Analysis
Detailed technical findings and analysis from AI assessment.
Technical Analysis
Comprehensive security assessment findings