After creating an IP risk scoring system earlier this year (presented in the blogpost Cyberinsurance, IP risk scoring and cybersecurity), we've now developed a new risk score system for Domains.
You can now test it here: https://www.securityrating.io/domain.html
To determine the vulnerability score of a domain, we used 3 categories that contribute with different weights to the final risk score, according to their importance from a security perspective:
- Cookies
- SSL
- Security Headers
These 3 categories are incredibly important when configuring a domain. For these, we've created a list of data points that we use to check if they are correctly configured - you can see it in detail in https://github.com/binaryedge/ratemyip-openframework.
securityrating.io
We've merged "Rate my IP" and "Rate my Domain" into a single page: https://securityrating.io. When you visit this page, you can either get your IP risk score or any domain risk score.
When we made the formula for "Rate my IP" public, we received very good feedback from the community so we decided to make the formula for the domain scoring public as well. You can check all the details in https://github.com/binaryedge/ratemyip-openframework