Steemit.com Security Vulnerability Audit
Was having some issues focusing on coding endeavours, coupled with trouble sleeping this evening, so I decided to fire up the website security analysis program Taipan and run it against Steemit.com to see if I could uncover any existing yet unknown security issues on the site.
In a thorough vulnerability / penetration test scan lasting roughly 45 minutes, Steemit.com was audited against the majority of known website exploits. While this doesn't 100% confirm that the Steemit.com website is impervious to hackers or exploits, it does indicate that the website is quite secure in terms of
Results of Security Audit
-=[ Scan Result Summary ]=-
-= Web Server =-
Nginx
-= Web Programming Language =-
Php
-= Security Issues =-
SSL Test on https://www.steemit.com/. TLSv1.0
Strenght: strong, Name: ECDHE_RSA_WITH_AES_128_CBC_SHA
Strenght: strong, Name: ECDHE_RSA_WITH_AES_256_CBC_SHA
Strenght: strong, Name: RSA_WITH_AES_128_CBC_SHA
Strenght: strong, Name: RSA_WITH_AES_256_CBC_SHA
TLSv1.1
Strenght: strong, Name: ECDHE_RSA_WITH_AES_128_CBC_SHA
Strenght: strong, Name: ECDHE_RSA_WITH_AES_256_CBC_SHA
Strenght: strong, Name: RSA_WITH_AES_128_CBC_SHA
Strenght: strong, Name: RSA_WITH_AES_256_CBC_SHA
TLSv1.2
Strenght: strong, Name: ECDHE_RSA_WITH_AES_128_GCM_SHA256
Strenght: strong, Name: ECDHE_RSA_WITH_AES_128_CBC_SHA256
Strenght: strong, Name: ECDHE_RSA_WITH_AES_128_CBC_SHA
Strenght: strong, Name: ECDHE_RSA_WITH_AES_256_GCM_SHA384
Strenght: strong, Name: ECDHE_RSA_WITH_AES_256_CBC_SHA384
Strenght: strong, Name: ECDHE_RSA_WITH_AES_256_CBC_SHA
Strenght: strong, Name: RSA_WITH_AES_128_GCM_SHA256
Strenght: strong, Name: RSA_WITH_AES_128_CBC_SHA256
Strenght: strong, Name: RSA_WITH_AES_128_CBC_SHA
Strenght: strong, Name: RSA_WITH_AES_256_GCM_SHA384
Strenght: strong, Name: RSA_WITH_AES_256_CBC_SHA256
Strenght: strong, Name: RSA_WITH_AES_256_CBC_SHA
SSLv3/TLS, chain: 1
Certificate: 1
Valid From: 11/25/2018 12:00:00 AM
Valid To: 12/25/2019 12:00:00 PM
Self Issued: False
Serial:
Subject: CN=steemit.com
Issuer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US
Server Names:
steemit.com
*.steemit.com
Certificate: 2
Valid From: 10/22/2015 12:00:00 AM
Valid To: 10/19/2025 12:00:00 AM
Self Issued: False
Serial:
Subject: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US
Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
Certificate: 3
Valid From: 5/25/2015 12:00:00 PM
Valid To: 12/31/2037 1:00:00 AM
Self Issued: False
Serial:
Subject: CN=Amazon Root CA 1,O=Amazon,C=US
Issuer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
Certificate: 4
Valid From: 9/2/2009 12:00:00 AM
Valid To: 6/28/2034 5:39:16 PM
Self Issued: False
Serial:
Subject: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
Issuer: OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US
Warnings:
CS006: Server supports cipher suites with no forward secrecy.
Missing Strict-Transport-Security on https://www.steemit.com/
Cookie Not Marked As Secure on https://www.steemit.com/. Cookie: Expires
Cookie Not Marked As HttpOnly on https://www.steemit.com/. Cookie: Expires
Other than some cookie buggery and cipher suites having no forward secrecy, the website scan results were quite lackluster, which is a good thing when doing this. All in all, this website penetration scan showed little to no sign of weakness in Steemit.com's security, which is a great report.
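The three warning classes in the report above (CS006 static-RSA key exchange without forward secrecy, the missing Strict-Transport-Security header, and cookies set without Secure/HttpOnly) are all checks you can reproduce yourself before or after a scanner run. The Python below is an added example, not Taipan's code and not anything from steemit.com: it classifies the TLSv1.2 suite list copied from the report by key-exchange type and runs a header check over constructed response headers (WEAK_HEADERS and HARDENED_HEADERS are made-up samples, not captured from any site). The cookie parser takes the cookie name from the first name=value pair only, so an attribute such as Expires is never mistaken for a cookie name.

```python
# Added example: reproduce the scan's warning classes offline.
# Not Taipan output and not Steemit's code; sample headers are constructed.
import re

# Ephemeral (EC)DHE key exchange gives forward secrecy; static RSA key
# exchange ("RSA_WITH_...") does not, so a later server-key compromise
# would decrypt recorded traffic. TLS 1.3 suites are always ephemeral.
FS_PREFIXES = ("ECDHE_", "DHE_", "TLS_ECDHE_", "TLS_DHE_", "TLS_AES_", "TLS_CHACHA20_")


def has_forward_secrecy(suite: str) -> bool:
    """True when the suite's key exchange is ephemeral."""
    return suite.startswith(FS_PREFIXES)


def suites_without_forward_secrecy(suites):
    """Return the suites a scanner would list under a CS006-style warning."""
    return [s for s in suites if not has_forward_secrecy(s)]


def parse_set_cookie(value: str):
    """Split one Set-Cookie value into (cookie name, {attribute: value}).
    Attribute keys are lowercased so 'HttpOnly' and 'httponly' match."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def hsts_ok(value: str) -> bool:
    """HSTS only takes effect with a positive max-age."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return bool(m) and int(m.group(1)) > 0


def check_headers(headers, over_https=True):
    """Return scanner-style findings for a list of (name, value) response headers."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if over_https:
        if not hsts:
            findings.append("Missing Strict-Transport-Security")
        elif not any(hsts_ok(v) for v in hsts):
            findings.append("Strict-Transport-Security has no positive max-age")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if over_https and "secure" not in attrs:
            findings.append(f"Cookie Not Marked As Secure. Cookie: {name}")
        if "httponly" not in attrs:
            findings.append(f"Cookie Not Marked As HttpOnly. Cookie: {name}")
    return findings


# TLSv1.2 suite names exactly as the report above lists them.
SCANNED_TLS12_SUITES = [
    "ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ECDHE_RSA_WITH_AES_256_CBC_SHA384", "ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "RSA_WITH_AES_128_GCM_SHA256", "RSA_WITH_AES_128_CBC_SHA256",
    "RSA_WITH_AES_128_CBC_SHA", "RSA_WITH_AES_256_GCM_SHA384",
    "RSA_WITH_AES_256_CBC_SHA256", "RSA_WITH_AES_256_CBC_SHA",
]

# Constructed sample responses (not captured from steemit.com).
WEAK_HEADERS = [
    ("Server", "nginx"),
    ("Set-Cookie", "session=abc123; Path=/; Expires=Wed, 21 Oct 2020 07:28:00 GMT"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
HARDENED_HEADERS = [
    ("Server", "nginx"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    print("No forward secrecy:", suites_without_forward_secrecy(SCANNED_TLS12_SUITES))
    print("Weak response:", check_headers(WEAK_HEADERS))
    print("Hardened response:", check_headers(HARDENED_HEADERS))
```

Running it lists the six RSA_WITH_* suites as lacking forward secrecy and three findings for the weak sample (missing HSTS, session cookie without Secure and without HttpOnly), while the hardened sample comes back clean; the fix on the server side is to drop the static-RSA suites from the nginx ssl_ciphers list, send Strict-Transport-Security with a positive max-age, and set Secure and HttpOnly on session cookies.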
Need Your Site Audited for Vulnerabilities?
If you're a web developer wishing to test whether your website is secure against would-be hackers, I'm willing to extend this service to you for a small sum of STEEM, payable at 25 STEEM per site audited. This will include a full site vulnerability scan as well as the complete output of results from the scan!
(Please consider voting for my witness for more cool posts, development and MS-paint art!)
VOTE @KLYE FOR WITNESS!
Every Single Vote Helps, Thanks for the Support!
Witness Server Hosted Via Privex.io
Need to get in Contact with KLYE?
Join the Official #KLYE Discord Server Today!
https://www.ssllabs.com/ssltest/ is my favorite to test a website's SSL and security vulnerabilities.
Nice! Appreciate the share of information, sir!
This post has been included in the latest edition of The Steem News in 10 posts - a compilation of the key news stories on the Steem blockchain.
Thanks Pennsif! Much appreciated.