
Third-Party Risk Assessment

Assess third-party vendor security through identity verification, external security probing, attack surface analysis, and breach history.

Third-party vendors often have access to sensitive data or critical systems, making their security posture your security concern. A data breach at a vendor can have the same impact as a breach in your own infrastructure. Effective third-party risk assessment evaluates vendor security from the outside in without requiring privileged access.

This workflow evaluates vendor security by verifying their business identity through domain registration, probing their external security posture for misconfigurations, assessing the breadth of their attack surface, and researching their security incident history. The assessment provides an evidence-based risk score for vendor selection and ongoing monitoring.

Steps

1. Verify Vendor Identity
Tool: Whois RDAP

Validate the vendor's domain registration details to confirm its business identity and registration history. Registrant contact fields are frequently redacted by privacy services, so treat a redacted record as unverified rather than as suspicious; registration age, registrar, and nameserver history remain useful signals even when the contact data is hidden.

Input: Vendor domain to verify registration details.
Output: Domain registration details including registrant organization, registration age, and registrar.
2. Assess External Security Posture
Tool: Security HTTPx

Probe the vendor's external-facing infrastructure to evaluate its security posture, including HTTP security headers, TLS configuration, and the technologies and versions it exposes.

Input: Vendor domain and known endpoints to probe.
Output: Security header analysis, TLS configuration, technology stack, and server security assessment.
3. Evaluate Attack Surface
Tool: Pentest

Perform reconnaissance on the vendor's infrastructure to assess the breadth of its external attack surface. Keep this to passive and non-intrusive reconnaissance (DNS, certificate transparency logs, banner inspection of already-exposed services); active vulnerability testing of a third party's systems requires their written authorization.

Input: Vendor domain for attack surface reconnaissance.
Output: Attack surface assessment including exposed services, potential vulnerabilities, and risk indicators.
4. Research Security History
Tool: Web Search

Search for past security incidents, data breaches, and security certifications associated with the vendor. Confirm claimed certifications against the issuer or an attestation report rather than relying on the vendor's own marketing page.

Input: Vendor name and domain to search for security incidents and certifications.
Output: Past breach reports, security certifications, compliance attestations, and incident history.
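The four steps above each yield evidence but leave the scoring implicit. The following is an added example, not code from this page or the platform behind it, showing how the outputs of all four steps can be turned into the evidence-based risk score the workflow promises. It parses an RDAP record (the events array and the registrant's jCard "org" property), grades a header and TLS dump, flags internet-reachable services that should be internal, and weighs breach history against accepted attestations. The weights, thresholds, port list, and the vendor data are constructed assumptions, not values from the page.

```python
# Added example (not the platform's code): scores a vendor from the four kinds of
# evidence the steps above produce. Weights, thresholds and sample data are assumptions.
import re
from datetime import datetime, timezone

HEADER_WEIGHTS = {"strict-transport-security": 10, "content-security-policy": 10,
                  "x-frame-options": 5, "x-content-type-options": 5}   # risk when absent
RISKY_PORTS = {21: "ftp", 23: "telnet", 3306: "mysql", 3389: "rdp", 5432: "postgresql",
               6379: "redis", 9200: "elasticsearch", 27017: "mongodb"}  # never internet-facing
ACCEPTED_CERTS = {"soc 2", "iso 27001"}  # offsets risk once verified with the issuer

def registration_age_days(rdap, now):
    """Days since the RDAP 'registration' event, or None if the record lacks one."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            registered = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            return (now - registered).days
    return None

def registrant_org(rdap):
    # jCard properties are [name, params, type, value]; 'org' holds the organization.
    for entity in rdap.get("entities", []):
        if "registrant" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "org":
                    return prop[3]
    return None

def identity_findings(rdap, now):
    findings, age = [], registration_age_days(rdap, now)
    if age is None:
        findings.append(("identity", "no registration event in RDAP record", 5))
    elif age < 365:
        findings.append(("identity", f"domain registered only {age} days ago", 15))
    org = registrant_org(rdap)
    # Redacted contacts are normal for gTLDs since 2018: treat as unverified, not fraudulent.
    if not org or "redacted" in org.lower():
        findings.append(("identity", "registrant organization redacted or absent", 5))
    return findings

def posture_findings(headers, tls):
    h = {k.lower(): v for k, v in headers.items()}
    findings = [("posture", f"missing {n}", w) for n, w in HEADER_WEIGHTS.items() if n not in h]
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if m and int(m.group(1)) < 31536000:
        findings.append(("posture", f"HSTS max-age {m.group(1)} shorter than one year", 3))
    if tls.get("version") in {"TLSv1", "TLSv1.1"}:
        findings.append(("posture", f"legacy {tls['version']} negotiated", 10))
    if tls.get("days_to_expiry", 10**6) < 14:
        findings.append(("posture", "certificate expires within 14 days", 5))
    if re.search(r"/\d", h.get("server", "")):
        findings.append(("posture", f"Server header discloses version: {h['server']}", 3))
    return findings

def surface_findings(services):
    """services: (host, port, banner) tuples from passive reconnaissance."""
    findings = [("surface", f"{RISKY_PORTS[p]} on {host}:{p} reachable from the internet", 10)
                for host, p, _ in services if p in RISKY_PORTS]
    if len({host for host, _, _ in services}) > 20:
        findings.append(("surface", "more than 20 exposed hosts to maintain", 5))
    return findings

def history_findings(incidents, certifications, now):
    findings = []
    for inc in incidents:
        occurred = datetime.fromisoformat(inc["date"]).replace(tzinfo=timezone.utc)
        recent = (now - occurred).days < 730   # breaches in the last two years weigh more
        findings.append(("history", f"{inc['summary']} ({inc['date']})", 20 if recent else 8))
    findings += [("history", f"{c} attestation (verify with the issuer)", -5)
                 for c in certifications if c.lower() in ACCEPTED_CERTS]
    return findings

def risk_score(findings):
    score = min(100, max(0, sum(w for _, _, w in findings)))   # clamp to 0..100
    return score, ("low" if score < 20 else "medium" if score < 40 else "high")

def assess(evidence, now):
    findings = (identity_findings(evidence["rdap"], now)
                + posture_findings(evidence["headers"], evidence["tls"])
                + surface_findings(evidence["services"])
                + history_findings(evidence["incidents"], evidence["certifications"], now))
    return (*risk_score(findings), findings)

# Constructed evidence for a fictional vendor; nothing here is real data.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
SAMPLE = {
    "rdap": {"events": [{"eventAction": "registration", "eventDate": "2012-05-01T00:00:00Z"}],
             "entities": [{"roles": ["registrant"],
                           "vcardArray": ["vcard", [["org", {}, "text", "REDACTED FOR PRIVACY"]]]}]},
    "headers": {"Server": "nginx/1.18.0", "X-Content-Type-Options": "nosniff",
                "Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "tls": {"version": "TLSv1.2", "days_to_expiry": 40},
    "services": [("www.vendor.example", 443, "nginx"), ("api.vendor.example", 443, "nginx"),
                 ("db.vendor.example", 5432, "PostgreSQL")],
    "incidents": [{"date": "2023-11-02", "summary": "customer records exposed from an open storage bucket"}],
    "certifications": ["SOC 2"],
}

if __name__ == "__main__":
    score, rating, findings = assess(SAMPLE, NOW)
    for area, detail, weight in findings:
        print(f"{area:8} {weight:+3d}  {detail}")
    print(f"risk score {score}/100 ({rating})")
```

Run as a script it prints each finding with its weight and the clamped total; for the sample vendor the redacted registrant, two missing headers, a version-leaking Server header, an internet-reachable PostgreSQL port and a breach fourteen months old outweigh the SOC 2 attestation. Every finding carries the evidence it was derived from, so the number can be defended in a vendor review rather than presented as an opaque score, and re-running the same function on fresh evidence gives the repeatable ongoing monitoring the page describes.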

Benefits

  • Verify vendor identity and business legitimacy through registration analysis
  • Evaluate external security posture without requiring vendor cooperation
  • Assess attack surface breadth as an indicator of security maturity
  • Research breach history and security certifications for informed decisions
  • Repeatable assessment for ongoing vendor monitoring

Related Use Cases

Probe Security Headers
Check HTTP security headers across your web properties to identify missing protections like CSP, HSTS, and X-Frame-Options.
Tool: Security HTTPx

Discover Hidden Services
Find hidden or forgotten web services running on your infrastructure that may be exposed without your knowledge.
Tool: Security HTTPx

Test API Security
Assess the security of REST APIs by testing authentication, authorization, input validation, and injection resistance.
Tool: Pentest

Check Domain Expiration Dates
Monitor when domains expire to prevent accidental lapses or plan acquisition of expiring domains.
Tool: Whois RDAP

Research Market Trends
Identify emerging market trends by combining web search results with the latest news coverage across your industry.
Tool: Web Search

Monitor Brand Mentions
Track where and how your brand is being discussed across the web and in news coverage.
Tool: Web Search