Secure & Compliant

Verified: Dec 21 2024

clone-systems.com

The domain above has successfully passed the security tests performed by Clone Systems, Inc. The details for each security scan passed is listed below.

Secure your online business and earn your own certified trust seal for $175 /year

Penetration Testing

Passed

The website has successfully passed an extensive penetration test, in which our next-gen assessment technology was unable to successfully exploit any significant vulnerabilities. The infrastructure, application, and operating system of the website were continuously targeted during the testing phase in an effort to find and exploit flaws. By passing a penetration test the website's owner is demonstrating that significant steps were taken to protect itself and its users against advanced cyber-attacks. The following steps were performed during the penetration test process:

Reconnaissance

Gathered information about the website, application, API , the network topology, and finally the operating system.

Scanning

Identified active hosts and open ports, along with any existing vulnerabilities and weaknesses.

Exploitation

Attempted to exploit identified website vulnerabilities and weaknesses to gain access to the target system.

Post-Exploitation

Attempted to escalate privileges and clear tracks.

Advance Reporting

Compiled the results of the penetration test along with recommendations for remediation of any discovered threats.

PCI ASV Compliance

Passed

The website (URL) has successfully passed an approved security scan that's been authorized by all major credit card brands in accordance with the PCI DSS security standard. The passing result indicates that the site is secure to process credit card information and has adequate protection to do so.

The specific tests performed during the ASV scan include:

Firewalls and Routers

Evaluation of all network devices such as firewalls and external routers. If a firewall or router was used to establish a demilitarized zone (DMZ), these devices were included. The solution also tested for known vulnerabilities to detect whether the firewall or router was adequately patched.

Wireless Access Points

Detection of wireless access points visible from the Internet (over the wire) and detection of any known vulnerabilities and configuration issues.

Operating Systems

Verification that the operating system is patched against known exploits and detection of the version of the operating system and whether it is obsolete.

Web Servers

Tested for all known vulnerabilities and configuration issues on web servers and confirmed that directory browsing is not possible on the server.

Web Applications

Detection of current vulnerabilities and configuration issues (for example, OWASP Top 10, SANS CWE Top 25, etc.) including the following web application vulnerabilities and configuration issues:

  • Unvalidated parameters that lead to SQL injection attacks
  • Cross-site scripting (XSS) flaws
  • Directory traversal vulnerabilities
  • HTTP response splitting/header injection
  • Information leakage, backup script files, include file source code disclosure, insecure HTTP methods enabled, WebDAV or FrontPage extensions enabled, Default web server files, Testing and diagnostics pages.
Application Servers

Detection of application servers and/or web application servers and detection of known vulnerabilities and configuration issues.

Common Web Scripts

Uncovering commonly found scripts such as common gateway interface (CGI) scripts, e-commerce related scripts, ASPs, PHPs, etc. and detection of any known vulnerabilities.

SSL/TLS
  • Detection in reference to the presence and versions of cryptographic protocols on a component or service
  • Detection of encryption algorithms and encryption key strengths used in all cryptographic protocols for each component or service
  • Detection of signature-signing algorithms used for all server certificates
  • Detection and report on certificate validity, authenticity and expiration date
  • Detection and report on whether the certificate Common Name or wildcard match the server hostname
Anonymous Key-Agreement Protocols

Discovery of cryptographic protocols or services which allow anonymous/non-authenticated cipher suites.

Embedded Links

Detection of embedded code from (or links to) domains or sources outside of the scan customer’s scope and confirmation that this code is obtained from a trusted source, and that the code is implemented securely.

Other Applications

Reporting on the presence of other applications and discovery of any known vulnerability and configuration issues.

Database Servers

Discovery of open access to databases from the Internet.

DNS Servers

Uncovering the presence of DNS servers, to detect any known vulnerability and configuration issues, including unrestricted DNS zone transfer, forward and reverse DNS lookups, etc.

Mail Servers

Identification of all mail servers and detection of any known vulnerabilities and configuration issues.

Virtualization Components

Identification of internet accessible hypervisors as well as known vulnerabilities and configuration issues with virtualized components.

Point-of-Sale (POS) Software

Detection of point-of-sale (POS) software and any known vulnerabilities.

Remote Access

Evaluation of remote access software and detection of any known vulnerability or configuration issues. Remote access software includes, but is not limited to: VPN (IPSec, PPTP), applications such as LogMeIn, GoToMyPC, pcAnywhere and VNC, Terminal Server, remote web-based administration, SSH, and Telnet.

Built-in Accounts

Detection of built-in or default accounts and passwords by concentrating on known built-in or default accounts using default passwords. Also, detection of services that are available without authentication, (for example, services that require a username but do not require a password)

Common Services

Detection and reporting of common services known to have vulnerabilities.

Insecure Services

Detection of insecure services or industry-deprecated protocols (such as SHA-1) and/or services that transmit username and passwords as clear text (without encryption) and none were found.

Backdoors/Malware

A comprehensive malware infection and backdoor discovery scan was performed against the underlying operating system and the pages of the website. The scan did not identify any instances of malware or the presence of rootkits, backdoors, and Trojan horse programs.

Vulnerability Scanning

Passed

The website has passed a comprehensive vulnerability assessment, and the results of the scan did not identify any significant vulnerabilities that could be exploited by an attacker. The scan attempted to identify potential security weaknesses in the website's infrastructure, application or operating system. Various industry standards, including OWASP, SOX, SOC2, and others are followed during the scan process.

Network & OS

A network and operating system scan of the website was successful, which means that no critical security flaws were discovered in the network and operating system infrastructure that support the website. The website underwent extensive testing of all network components, operating system, patch/hotfixes, and zero-day vulnerabilities.

Malware

A comprehensive malware infection scan was performed against the underlying operating system and the pages of the website in which the scan did not identify any instances of malware.

OWASP

The website has passed an OWASP (Open Web Application Security Project) security scan. This means that a security assessment was performed on the website, and the results of the scan did not identify any significant vulnerabilities that could be exploited by an attacker using the OWASP Top 10 security risks as a framework.

The OWASP Top 10 is a widely recognized list of the most critical security risks facing web applications. An OWASP security scan focuses on identifying vulnerabilities in a website that align with the OWASP Top 10 security risks.

SOX

The website has passed a SOX vulnerability scan which means that the results of the scan did not identify any significant vulnerabilities that could compromise the integrity of financial reporting or other sensitive data. The results of the scan demonstrate the company's commitment to security and privacy, and provide assurance to customers, stakeholders, and regulatory authorities that the company is taking appropriate measures to protect sensitive information.

SOC2

The website passed a SOC2 vulnerability scan that focused on identifying vulnerabilities in the website's infrastructure, applications, and operating system that could compromise the security and privacy of customer data. The scan checked for a variety of security threats, including software vulnerabilities, misconfigurations, and other potential weaknesses.

The purpose of a SOC2 vulnerability scan is to provide assurance to customers that the company is taking appropriate measures to protect their sensitive data, and to demonstrate the company's compliance with the SOC2 standard. If a company passes a SOC2 vulnerability scan, it means that the results of the scan did not identify any significant vulnerabilities that could compromise the security and privacy of customer data.

Secure your online business and earn your own certified trust seal for $175 /year