Search Results

The compliance monitor (codename Krahken) is intended to collect all data from our other products and present them in a unified portal. Additionally it has 2 main purposes:  Adding functionality for Compliance Scans and Analytics Adding functionality for A...

General Information In the world of website compliance, a lot of differnt compliance violotions can occour. Therefore we decided to make a clear separation of those violations and introduced different violation categories: Regulatory Violations Business V...

There are 2 types of actions, that can bei set to resolve issues: Resolve / Acknowledge Ignore Resolve an issue   By resolving an issue, the compliance monitor assumes that the cause has been fixed.  e.g.: If you resolve an issue for a cookie named...

When working with the compliance monitor, you will likely very often see the term "regulatory" or "business" in combination with "compliance".  There is a simple reason for that: Compliance is more complicated than security monitoring.  While security foll...

    This how-to describes how it is best to reproduce cookie violations, as this is often a very confusing topic. First of all it would be good to know, how exactly our crawler works in this case:  How Nimbusec visits websites The crawler of Nimbusec is te...

Issues can be auto acknowledged to simplify the issue handling process by keeping most of the transparency.  What does it do? If there is a rule, that allows e.g. a specific cookie to be set on a website, the issue will be auto acknowledged on our side. Th...

APIv3 docu: https://openapi.nimbusec.com/?urls.primaryName=Nimbusec%20Website%20Security%20API%20v3#/

Installation This guide describes the installation of the Nimbusec Server Agent. The Server Agent is optional for the function of the product, but improves the detection rate greatly. Therefore, it is strongly recommended to install the Server Agent. Installa...

This document describes the Install Process of the nimbusec Server Agent under Windows Server 2008 and 2012. The Server Agent adds extended functionality to the nimbsuec service. Installation Download the appropriate version of the Server Agent for your Se...

Outdated CMS Version The use of an outdated version of a content management system (CMS) can lead to various security issues. A list of known security vulnerabilities sorted by version number can be found in the publicly accessible CVE Details database¹. In m...

Hatred or Violence Browser plug-ins like WOT [1] allow to evaluate a website by the user, e.g.regarding questionable contents like hate speech, racism or discrimination. Your website has received poor ratings in this category. The result is that the plug-in w...

Certificate Legacy Certificates By legacy we mean distrusted certificates. An example from the past is the distrust of the Symantec PKI [1]. The best solution to date is, to replace the existing distrusted certificate with a new one from any Certificate Auth...

The Cyber Risk Rating Portal issues multiple documents at the end of the rating process for every supplier. The documents are among others the Cyber Risk Rating Certificate which contains the overall rating scores for the supplier along with the WebRisk score ...

General Information In the world of website compliance, a lot of differnt compliance violotions can occour. Therefore we decided to make a clear separation of those violations and introduced different violation categories: Regulatory Violations Business V...

Explanation Security Header Ratings allow an objective assessment about the website's condition in terms of the security of the HTTP response headers. By adding and configuring security headers according to best practices, another layer of security will stren...

Nimbusec Discovery's Mission Nimbusec Discovery aims to identify all websites related to your organization and perform a passive security analysis by simulating one single website visitor per domain. A Nimbusec Discovery report is an objective, external over...

Nimbusec is a website security monitoring tool that notifies you, when your website was hacked or is in danger. It allows you to react before your customers or your reputation are harmed. Safe: Nimbusec never exposes data of your servers to the cloud, resp...

Each alert offers the user the ability to perform three different actions: Mark as resolved Mark to ignore Ask for support To trigger one of those actions, click on "Actions" on the top right corner of the relevant issue. Mark as resolved When an a...

Blacklists are lists of internet addresses that are known for security problems. These lists are maintained by organisations like Google, cybersecurity companies or non-profits who try to warn about "black sheep" within the online community. There are two ways...