We’ve worked again with Which? (aka the Consumers’ Association) to undertake an in-depth study into the cyber security posture of the UK’s leading banks, focussing specifically on their online and app security.
Use of Hexiosec ASM for the study
Our consulting team used Hexiosec ASM extensively for this study to automate what would otherwise have been a very laborious task of online asset discovery (often called ‘enumeration’) and the matching of findings against known vulnerabilities and configuration errors.
Two key areas we used Hexiosec ASM for in the study were:
- Websites - to scan the websites and public assets of all the organisations, testing for things such as sensitive ports and services, out-of-date components in web applications, TLS misconfiguration or expired certificates.
- Email configuration - to test the SPF, DKIM and DMARC settings and configurations of the main sending domains for each bank.
You can find the final Which? report on their website here: Which banks have the best online and app security?
We have also written a more detailed blog where we discuss how we conducted the testing and what was included.