Hexiosec ASM Used for Which? Banking Survey

We’ve worked again with Which? (aka the Consumers’ Association) to undertake an in-depth study into the cyber security posture of the UKs leading banks, focussing specifically on their online and app security.

Use of Hexiosec ASM for the study

Our consulting team used Hexiosec ASM extensively for this study, to automate what would otherwise have been a very laborious task of online asset discovery (often call ’enumeration’), and the matching of finding against known vulnerabilities and configuration errors.

Two key areas we used Hexiosec ASM for in the study were:

• Websites - to scan the websites and public assets of all the organisations testing for such things as any sensitive ports and services, for out-of-date components in web applications, TLS misconfiguration or expired certificates.
• Email configuration - to test the SPF, DKIM and DMARC settings and configurations of the main sending domains for each bank.

You can find the final Which? report on their website here: Which banks have the best online and app security?

We have also written a more detailed blog where we discuss how we conducted the testing and what was included.

Related Posts

Testing The Cyber Security Of UK Banks With Which?

7 February 2023

Passwords - How much do they matter?

19 March 2021

About David Griffiths

David is Hexiosec's Chief Executive Officer, and one of our co-founders. He has 25 years' experience of leading, developing and architecting complex technical systems across the Defence, Government and Commercial sectors. David is a cyber security and cloud infrastructure specialist, with a rich background in agile methodology and modern software development technologies, covering a broad range of environments from embedded systems to web applications.