The "log" lists resources in the cloud that can be linked to the organization, indicating for each:
- Application: Indicates the cloud resource displayed on the web. These are not sites intended to be consulted by users, but services that can be used through the use of credentials.
- Risk: Indicates the overall risk level for the organization's business associated with this application exposed on the web.
- Expiry date of the SSL certificate
- WEB and TLS/SSL: safety tests expressed with a synthetic value that takes into account a complex analysis of the individual values found
Each application detected corresponds to a detail sheet, shown in the following figure.
We do not consider it useful to comment on each field, widely covered in the report, but it may be useful to make some remarks.
TLS/SSL safety test
Indicates the result of the test performed on the cryptographic protocols used by the resource in question, in the same way as widespread security standards (PCI DSS, NIST, HIPAA, industry best practices). The ranking ranges from A (maximum security), B (less security), C (insufficient security) to F (critical insecurity).
Security levels depend on many factors, such as the reliability of the certificate underlying the encryption, the protocols used, the possible presence of known vulnerabilities and the implementation of measures to avoid abuse.