On 05/05 12:18, teus wrote:
> This type (HTTPS scan for a particular collection of websites) looks
> like an investigation I did in 2010 with a followup in 2011 (to see if
> the publication has had some influence and it had in some way):
> This investigation was done before the observatory was started. So I
> used SSLlabs (Ivan Ristic) at that time young website to do the actual
> scan (and got a bit more detailed info that way).
>
> The scan was done on a (semi random) set of https websites in one
> country divided in categories (banks, government, local government, semi
> government, education, trade websites, security firms). The SSLlabs scan
> report was put in a MySQL database so from that database reports could
> be generated.
> From the websites contact info if provided was maintained so automatic
> feedback to the website owner the scan report was sent for notice and
> reaction requests (I needed that to be able to publish it).
> You can get the scripts if you want to. You need to update the scripts
> (from 2011) due to newer discoveries as e.g. Heartbleed. You need to
> collect the set of websites and category division by hand however.
>
> And ... yes this is a lot of work ....
>
> Is this some help to you?
>
> teus
> Sebastián Ramírez Magrí wrote on 05-05-14 02:38:
> > Hi folks!
> >
> > In the first place I'd like to thank you guys for your awesome work.
> >
> > In the second place, I'm interested in setting up an index of
> > public/government websites in my country and its status regarding user's
> > data protection, starting with HSTS/HTTPS status.
> >
> > I'd like to reuse as much as I can, and I believe the SSL Observatory data
> > would be useful for this.
> >
> > Am I right? Any hints on this?
> >
> > I've seen the latest dump linked in the website is from 2010. Is there a way
> > to get a fresher dump?
> >
> > Best Regards,
> >

Hi Teus,

Yes, of course it could help. Right now we're building an index of the
sites that will be periodically scanned so any input will be useful when I
start implementing tests or looking at the available data.

We also considered the automated contact form/email submissions to the
maintainers or owners of the websites, for that I'm thinking of the
opencongress tool.

Can you hand me your scripts?

Best Regards,

--
Sebastián Ramírez Magrí
