NC3 Knowledge base

Tests

Website Application Testing

After entering a website's domain name, we will test whether the website supports various modern Internet standards such as:
  • Content Security Policy (CSP) header
  • Cross-Origin Resource Sharing (CORS)
  • HTTP Strict Transport Security (HSTS) header implementation

This platform provides a tool to verify that your server is reachable from a modern Internet address (IPv6).

This platform also provides a tool to assess your web server configuration, software versions and potential vulnerabilities.

Email

Our suite of tools verifies a series of standards for the proper implementation of an email server.
  • Parses and validates MX, SPF, and DMARC records
  • Checks the presence and validity of DKIM public key
  • Checks for DNSSEC deployment
  • Lists name servers
  • Checks for STARTTLS and TLS support on each mail server

Standards

HTTPS

HTTPS (HyperText Transfer Protocol Secure) is an encrypted version of the HTTP protocol. It uses SSL or TLS to encrypt all communication between a client and a server.

HSTS

HTTP Strict Transport Security lets a website inform the browser that it should never load the site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead. It consists of one HTTP header, Strict-Transport-Security, sent by the server with the resource.

DMARC and SPF

DMARC and SPF are protections against email phishing.

A DMARC record is a TXT record that contains instructions for how an email server should handle an email that fails authentication. Using DMARC records, you can control whether email receivers should reject, quarantine, or do nothing with a suspicious email.
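
The handling described above can be read straight out of the TXT record. The following is an added example, not the platform's own code: a strict parser that extracts the policy tag and reports which of the three actions a receiver is asked to apply. The function names and the sample records (on the placeholder domain example.com) are constructed for illustration.

```python
# Added example: strict parser for a DMARC TXT record (tag=value pairs separated by ';').
ACTIONS = {
    "none": "do nothing (monitor only)",
    "quarantine": "quarantine the message",
    "reject": "reject the message",
}

def parse_dmarc(txt):
    """Return the record's tags as a dict; raise ValueError if it is not usable."""
    tags, order = {}, []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = (s.strip() for s in part.split("=", 1))
        name = name.lower()
        tags[name] = value
        order.append(name)
    # The version tag must come first and match exactly.
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ACTIONS:
        raise ValueError(f"missing or unknown p= policy: {policy!r}")
    tags["p"] = policy
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy applies to
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")
    tags["pct"] = pct
    return tags

def assess(txt):
    """Summarise what a receiver is asked to do with mail that fails authentication."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return {"valid": False, "error": str(exc)}
    enforced = tags["p"] != "none" and tags["pct"] == 100
    return {"valid": True, "policy": tags["p"], "action": ACTIONS[tags["p"]],
            "pct": tags["pct"], "enforced": enforced}

# Constructed sample records for the placeholder domain example.com.
SAMPLES = [
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=50;",
    "p=reject; v=DMARC1",  # invalid: version tag is not first
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", assess(record))
```

A record with `p=none`, or with `pct` below 100, is valid but reported as not fully enforced, which is the case worth flagging when reviewing a domain.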

The Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses during the delivery of an email.

Domain signature (DNSSEC)

The Domain Name System Security Extensions are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS).

DKIM

DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in email (email spoofing).

DKIM allows the receiver to check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain.