How to Create a Social Media Plan Like a Pro - Jordan Scheltgen
How secure are UK websites? - MeasureCamp Manchester I, May 12 2018 - CyberScanner
1. What is the state of cyber
security in the UK?
(Alt. Title = What we learned from scanning
135,000 UK business websites).
2. Who
Dan Taylor
Hat 1: Senior Tech SEO Consultant/Account Manager @
SALT.agency
Hat 2: Digital Marketing Manager @ CyberScanner
https://salt.agency
https://cyber-scanner.com
@taylordanrw
3. What we did
• Using BuiltWith, extracted 250,000 UK
business websites
• Scanned them using our “fingerprint”
vulnerability scanner (non-intrusive, passive)
• Scanned the sites against a database of more
than 100,000 known vulnerabilities based on
identifying used technologies.
@taylordanrw
5. City % with at least one vulnerability
London 86.28%
Manchester 85.90%
Birmingham 85.78%
Bristol 85.82%
Glasgow 84.67%
Edinburgh 86.95%
Leeds 86.94%
Nottingham 87.85%
Sheffield 84.94%
Liverpool 84.53%
Belfast 84.21%
@taylordanrw
7. Sector % with at least one vulnerability
Travel 81.47%
Sports 80.45%
Art & Entertainment 82.13%
Law, Govt & Politics 84.39%
Automotive & Vehicles 81.50%
Health & Fitness 83.20%
Style & Fashion 81.12%
Food & Drink 82.84%
Pets 80.77%
@taylordanrw
8. Things that we found…
• Issues with SSL implementations
• Vulnerability to XSS
• Vulnerability to CSRF
@taylordanrw
9. Why does this matter?
• GDPR is seeing more businesses invest in
cyber security to protect against data
breaches… Making others even more
vulnerable.
• Protection for the user
• Google to go beyond HTTPS and introduce
passive scanning? (made this prediction in SEJ,
in 2017)
@taylordanrw
10. What can I do
• Beg development teams to update
platforms/plugins/third party integrations
when they need upgrading.
• Make use of pen testing.
• Actively monitor and assess cyber security
risks
• Educate staff and employees on how to avoid
social engineering
@taylordanrw