This type (HTTPS scan for a particular collection of websites) looks like an investigation I did in 2010 with a followup in 2011 (to see if the publication has had some influence and it had in some way): This investigation was done before the observatory was started. So I used SSLlabs (Ivan Ristic) at that time young website to do the actual scan (and got a bit more detailed info that way).
The scan was done on a (semi random) set of https websites in one country devided in categories (banks, government, local government, semi government, education, trade websites, security firms). The SSLlabs scan report was put in an MySQL database so from that database reports could be generated. >From the websites contact info if provided was maintained so automatic feedback to the website owner the scan report was sent for notice and reaction requests (I needed that to be able to publication it). You can get the scripts if you want to. You need to update the scripts (from 2011) due to newer discoveries as e.g. heartbleet. You need to collect the set of websites and category division by hand however. And ... yes this is a lot of work .... Is this some help to you? teus Sebastián Ramírez Magrí schreef op 05-05-14 02:38: > Hi folks! > > In the first place I'd like to thank you guys for your awesome work. > > In the second place, I'm interested on setting up an index of > public/government websites in my country and it's status regarding user's data > protection, starting with HSTS/HTTPS status. > > I'd like to reuse as much as I can, and I believe the SSL Observatory data > would be useful for this. > > Am I right? any hints on this? > > I've seen tha latest dump linked in the website is from 2010. Is there a way > to get a fresher dump? > > Best Regards, >
