The "registry" lists email servers that can be connected to the organization, indicating for each one:
- Application: indicates the resource (email server) displayed on the web.
- Risk: indicates the level of global risk associated with this application on the web for the organization's business.
- Expiration of SSL Certificate
- SSL Port
- WEB and TLS/SSL: safety tests expressed as a single summary value derived from a complex analysis of the individual values found.
Each application detected corresponds to a detail sheet, shown in the following figure.
We do not consider it useful to comment on every field, since they are widely covered in the report, but a few remarks may be useful.
TLS/SSL safety test
Indicates the result of the test performed on the cryptographic protocols used by the resource in question, assessed against widely used security standards (PCI DSS, NIST, HIPAA, industry best practices). The ranking ranges from A (maximum security) through B (less security) and C (insufficient security) to F (critical insecurity).
Security levels depend on many factors, such as the reliability of the certificate underlying the encryption, the protocols used, the possible presence of known vulnerabilities and the implementation of measures to avoid abuse.