Warnings
PrivacyBison publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for PrivacyBison.com
Non-Intrusive Cybersecurity and Privacy Observations based on User Activity File
Scan for malware, unwanted software and social-media phishing using Google Web Risk
Formula :
Nil
* If Google Web Risk flags any of the URLs, the score is 0.
* Otherwise the score is 10.
No records found.
Get the list of open ports and check whether the application mapped to each port appears in the default credential list; each matching application is then tested with its default credentials
Score - Description
0 - If any of the default application credentials were accepted.
10 - If none of the default application credentials were accepted.
Validate whether a given website is vulnerable to directory traversal attacks
Formula :
(((N - x) * w1) / (N * w1)) * 10
N - Total number of dorks checked
x - Total number of vulnerabilities found
Weightage for the below parameters:
- IsVulnerable? w1
Get the list of open ports and check whether the application mapped to each port appears in the default credential list
Score - Description
0 - If any of the application ports are found to be open.
10 - If none of the application ports are found to be open.
Get the site URL from the HAR file and validate the website's TLS protocol, key exchange, cipher strength and whether it presents a trusted certificate
Formula :
((x * w1 + y * w2 + z * w3) / (N * (w1 + w2 + w3))) * 10
N - Base of 10
x - Protocol Score
y - Cipher Strength Score
z - Key Exchange Score
Weightage for the below parameters:
- Protocol w1
- CipherStrength w2
- KeyExchange w3
No records found.
Scan a domain for malware using the various tools and antivirus engines aggregated by AlienVault
Formula :
Nil
* If any vulnerabilities are found through AlienVault malware data, the score is assigned by severity as follows.
Severity=5, means score 0
Severity=4, means score 3
Severity=3, means score 6
Severity=2, means score 8
Check for PII in API Request Cookies
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Check for PII in API Request Headers
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Check for PII in API Request Queries
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Check for PII in API Response Bodies from the Web Application
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Check for PII in API Cookies from the Web Application
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Check for PII in API Response Headers from the Web Application
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Check for PII in Cache
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Get the cookies from the HAR file of a given URL, analyse them and generate a report
Formula :
(((N - x) * w1 + (N - y) * w2 + (N - z) * w3) / (N * (w1 + w2 + w3))) * 10
N - Total number of cookies in my report
x - Total number of cookies without the Secure flag
y - Total number of cookies without the HttpOnly flag
z - Total number of third-party cookies
Weightage for the below parameters:
- Secure? w1
- HttpOnly w2
- Classification w3
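The weighted cookie formula above (and, as its one-parameter special case, the (N - x) * w1 / (N * w1) formula used by the JWT and response-header checks further down) is easiest to see applied to a real capture. The following is an added example, not PrivacyBison's own code: it walks the response cookies in a small HAR capture constructed inline, counts the cookies failing each check, and computes the score. The weights, the sample HAR, and the rule that a cookie is "third party" when it is set by a host other than the page's host are assumptions.

```python
"""Weighted cookie score from a HAR file (added example, not PrivacyBison code)."""
import json
from urllib.parse import urlsplit

# Assumed weights for Secure?, HttpOnly and Classification (third-party).
WEIGHTS = {"secure": 1.0, "httponly": 1.0, "classification": 1.0}

# Constructed sample HAR: the first-party page sets two cookies and an
# embedded third-party host sets one more.
SAMPLE_HAR = json.dumps({
    "log": {
        "entries": [
            {"request": {"url": "https://shop.example/"},
             "response": {"cookies": [
                 {"name": "session", "secure": True, "httpOnly": True},
                 {"name": "prefs", "secure": False, "httpOnly": False}]}},
            {"request": {"url": "https://ads.example.net/pixel"},
             "response": {"cookies": [
                 {"name": "uid", "secure": True, "httpOnly": False}]}},
        ],
    }
})


def host_of(url):
    """Hostname of a URL; used to decide first- versus third-party (assumption)."""
    return (urlsplit(url).hostname or "").lower()


def analyse_cookies(har_text, site_url):
    """Count N (all response cookies), x (no Secure), y (no HttpOnly), z (third party)."""
    log = json.loads(har_text)["log"]
    site_host = host_of(site_url)
    total = insecure = non_httponly = third_party = 0
    for entry in log.get("entries", []):
        entry_host = host_of(entry["request"]["url"])
        for cookie in entry.get("response", {}).get("cookies", []):
            total += 1
            if not cookie.get("secure", False):
                insecure += 1
            if not cookie.get("httpOnly", False):
                non_httponly += 1
            if entry_host != site_host:
                third_party += 1
    return {"N": total, "x": insecure, "y": non_httponly, "z": third_party}


def cookie_score(counts, weights=WEIGHTS):
    """Apply the page's formula; 10 means every cookie passed every check.
    With no cookies there is nothing to penalise, so the score is 10."""
    n = counts["N"]
    if n == 0:
        return 10.0
    w1, w2, w3 = weights["secure"], weights["httponly"], weights["classification"]
    numerator = (n - counts["x"]) * w1 + (n - counts["y"]) * w2 + (n - counts["z"]) * w3
    denominator = n * (w1 + w2 + w3)
    return round(numerator / denominator * 10, 2)


if __name__ == "__main__":
    counts = analyse_cookies(SAMPLE_HAR, "https://shop.example/")
    print(counts, cookie_score(counts))
```

For the sample capture N = 3, x = 1 (prefs), y = 2 (prefs, uid) and z = 1 (uid), so the score is (2 + 1 + 2) / 9 * 10, about 5.56. Raising w2 above the other weights would pull the score down further, which is how the weightage parameters let a deployment emphasise one check over another.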
Get the JWT from the given response/request, and validate it for various vulnerabilities
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of checks for each JWT in my report
x - Total number of failed JWT token checks
Weightage for the below parameters:
- Validation Failed? w1
The Strict-Transport-Security response header (HSTS) lets a web site tell browsers that it should only be accessed over HTTPS, never plain HTTP
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
Content-Security-Policy (CSP) provides an additional layer of protection against cross-site scripting and injection vulnerabilities
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
HPKP is a Trust On First Use approach. Modern web applications should not tie themselves to specific public keys
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
The Expect-CT header prevents the use of wrongly issued certificates for a site and makes sure that they do not go unnoticed
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
Sites can use X-Frame-Options to avoid clickjacking attacks by ensuring that their content is not embedded in other sites.
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
X-Content-Type-Options prevents the browser from MIME-type sniffing
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests.
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
ETags are similar to fingerprints and might be used for tracking purposes
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of header checks in my report
x - Total number of failed header checks
Weightage for the below parameters:
- HeaderCheck w1
Find vulnerable libraries in JS files using RetireJS
Formula :
Nil
* If any vulnerabilities are found through RetireJS, the score is assigned by count as follows.
H > 0 or M > 10, then the score will be 2,
M < 10 or L > 20, then the score will be 5,
L < 20 and L > 10, then the score will be 7,
L < 10 and L > 5, then the score will be 8,
L > 0 and L < 5, then the score will be 9,
H - High vulnerability count
M - Medium vulnerability count
L - Low vulnerability count
No records found.
Formula :
((N - x) * w1 / (N * w1)) * 10
N - Total number of session token checks for each URL in my report
x - Total number of failed session token checks
Weightage for the below parameters:
- Status Check Failed? w1
Verify sensitive information in HAR file content (HTML and JS only)
Formula :
10 - (Avg weight / No. of entries)
* The weight differs by infoType.
* The minimum weight is taken for specific infoTypes.
* All entries are considered, because information found through DLP could leak details about users.
Find vulnerable data in JavaScript files and find vulnerable URLs using XSStrike
Formula :
Nil
* If any vulnerabilities are found through the XSStrike scanner, the score is assigned by count as follows.
H > 0 or M > 10, then the score will be 2,
M < 10, then the score will be 5,
H - High vulnerability count
M - Medium vulnerability count
No records found.
- Scoring is between 0 and 10, with 10 being the best score and 100% COMPLIANT.
- Scoring logic: [NUMERATOR] / [DENOMINATOR] x 10.
- Expand each check to see the detailed description of the NUMERATOR and DENOMINATOR sections, and the evidence records.
- Each evidence record is in one of 3 states:
- COMPLIANT: The resource and attributes PASS the check
- NON_COMPLIANT: The resource or attributes FAIL the check
- NOT_DETERMINED: We are not sure
- NOT_DETERMINED is the status when the system cannot process the request and can declare the record neither COMPLIANT nor NON_COMPLIANT. These records are EXCLUDED from the scoring logic.