We’ve worked again with Which? (aka the Consumers’ Association) to undertake an in-depth study into the cyber security posture of the UK’s leading banks, focussing specifically on their online and app security. This was performed by our world-class cyber security consulting team at Red Maple Technologies.
Use of FractalScan Surface for the study
Our consulting team used FractalScan Surface extensively for this study to automate what would otherwise have been a very laborious task of online asset discovery (often called ‘enumeration’) and the matching of findings against known vulnerabilities and configuration errors.
Two key areas we used FractalScan Surface for in the study were:
- Websites - to scan the websites and public assets of all the organisations, testing for such things as sensitive ports and services, out-of-date components in web applications, TLS misconfiguration or expired certificates.
- Email configuration - to test the SPF, DKIM and DMARC settings and configurations of the main sending domains for each bank.
You can find the final Which? report on their website here: Which banks have the best online and app security?
We have also written a more detailed blog where we discuss how we conducted the testing and what was included.