stefan – Page 103 – Privacy Design®

February 22, 2018February 22, 2018

Article 29 Working Party on Feb2018 Plenary Meeting

– incl. some details that we didn’t see on their web site yet, e.g.

” CISPE Code of Conduct

The plenary adopted a letter addressed to the Association of Cloud Infrastructure Services Providers in Europe (CISPE) giving substantial feedback on the provisions of CISPE’s code of conduct. ”

(I assume that wasn’t good news for CISPE. )

http://ec.europa.eu/newsroom/article29/document.cfm?doc_id=49935

February 21, 2018

[Germany] BvD: Muster-AV-Vertrag für das Gesundheitswesen (DS-GVO) und Umgang mit Altverträgen

BvD: Muster-AV-Vertrag für das Gesundheitswesen (DS-GVO) und Umgang mit Altverträgen

https://www.bvdnet.de/bvd-arbeitskreise/arbeitskreis-medizin/

February 21, 2018November 5, 2020

List of web security and privacy scanner web sites

Privacy specific scanner:

http://privacyscore.org/
http://webbkoll.dataskydd.net/

Other scanners:

https://requestmap.herokuapp.com/
https://requestmap.webperf.tools/
https://webpagetest.org/
https://lookyloo.circl.lu/
https://themarkup.org/blacklight
http://sitecheck.sucuri.net/ (emphasis on vulnerabilities)
https://csi.forcepoint.com/ (emphasis on vulnerabilities, single page)
http://observatory.mozilla.org/ (emphasis on headers)
http://securityheaders.io/ (emphasis on headers)
http://urlscan.io/ (emphasis on interactions while loading URL)
http://www.htbridge.com/ssl/ (emphasis on SSL)
https://www.htbridge.com/websec/ (emphasis on headers)
http://ssllabs.com/ssltest/
http://www.magereport.com/ (for magento sites only)
http://www.ssltrust.info/ (checks for entry on malware, spam lists)
http://hardenize.com/
http://webcheck.me/
http://www.unmaskparasites.com/
http://cryptoreport.websecurity.symantec.com/checker/
http://www.scanmyserver.com/
http://safeweb.norton.com/

Online web spiders

http://freetools.webmasterworld.com/tools/crawler-google-sitemap-generator/

February 21, 2018February 21, 2018

[htbridge] Mobile app scanner (free)

https://www.htbridge.com/mobile/

February 21, 2018

HTTP Security Headers Overview

Good blog post with details on the different security headers and how to set them.

XSS-Protection
Content Security Policy
HTTP Strict Transport Security (HSTS)
HTTP Public Key Pinning (HPKP)
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Cookie Options
https://blog.appcanary.com/2017/http-security-headers.html

February 21, 2018

Open WPM (web privacy measurement scanner)

From the website below:

“Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although originally focused solely on privacy violations, WPM now encompasses measuring security violations on the web as well.”

https://github.com/citp/OpenWPM/wiki

February 21, 2018

Germany/Bavaria: DPA scanning for web sites for privacy-compliant Google Analytics use

In 2012, the Bavarian DPA scanned German web sites for the privacy compliant use of Google Analytics.

The DPA checked

if a written processing agreement had been put in place with Google,
if the privacy notice on the web site was transparent on the use of Google Analytics and the users’ option to avoid being tracked
if the Google Analytics’ “anonymization feature” was enabled in the web site’s source code

13.404 Webseiten had been tested 2.371 companies were contacted for shortcomings.

More information (in German) on https://www.lda.bayern.de/de/google_analytics.html

February 21, 2018

OWASP OWTF web/server scanner

https://www.owasp.org/index.php/OWASP_OWTF

February 21, 2018February 21, 2018

OWASP mobile security project

https://www.owasp.org/index.php/OWASP_Mobile_Security_Project