OSANO

Osano simplifies global privacy compliance (GDPR, CPRA, and more) by helping organizations build, manage, and scale their privacy program.
OSANO Security Rating
Security Score
B+
89 / 100
OSANO's security rating is based on the analysis of its external attack surface. The higher the rating, the better the security posture. Start a free trial to get a similar in-depth analysis of your domain.
Company Info
Company Name: OSANO
Employees: 51-200
Location: Austin, United States of America
Last Updated: 19/17/2026
Industry: IT/Software
OSANO Vendor Risk Report
This is an exhaustive cyber risk assessment report based on scans performed by the Site24x7 Digital Risk Analyzer on the OSANO domain. Assertion checks are performed for four security aspects (domain, email, network, and application); results are presented per category with the score obtained for each, and an overall domain score is derived from them.
Domain Security
Certificate Authority Authorization Check
CAA (Certificate Authority Authorization, RFC 8659) is a DNS record that specifies which Certificate Authorities (CAs) may issue TLS certificates for a domain, reducing the risk of unauthorized issuance. Before issuing, a CA looks up the CAA record set for the requested name, climbing toward the parent domain until a set is found. If the set authorizes that CA, the certificate is issued; otherwise the request fails. Without any CAA record, every CA may issue, increasing the risk of mis-issuance. For example, to allow only Let's Encrypt, the record would look like: example.com. IN CAA 0 issue "letsencrypt.org". The issuewild tag restricts wildcard certificates separately, an empty value (issue ";") forbids issuance by everyone, and the iodef tag gives CAs an address to report policy violations to. Note that CAA is enforced by the CA at issuance time, so it does not stop a CA that ignores it; pair it with Certificate Transparency log monitoring.
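The decision a CA makes from a CAA record set, as an added example rather than Site24x7's own scanner code. It works over a constructed in-memory zone (the ZONE dict) instead of querying DNS, and implements the points above: the climb to the parent domain, issuewild taking precedence for wildcard names, the empty ";" value, and the critical flag on an unknown tag.

```python
"""CAA authorization check over a constructed zone (added example, not Site24x7 code)."""
from typing import Dict, List, Tuple

CaaRecord = Tuple[int, str, str]   # (flags, tag, value)

# Constructed zone data, not real DNS. Lookups are served from this dict.
ZONE: Dict[str, List[CaaRecord]] = {
    "example.com.": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),                      # no wildcard certificates at all
        (0, "iodef", "mailto:security@example.com"),
    ],
    "locked.example.com.": [(0, "issue", ";")],     # nobody may issue here
    "odd.example.com.": [(128, "futuretag", "x")],  # critical flag on an unknown tag
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def format_caa(owner: str, record: CaaRecord) -> str:
    """Render a record in zone-file syntax, e.g. example.com. IN CAA 0 issue "letsencrypt.org"."""
    flags, tag, value = record
    return f'{owner} IN CAA {flags} {tag} "{value}"'


def find_caa(name: str) -> Tuple[str, List[CaaRecord]]:
    """Return the name itself or its closest ancestor that has CAA records (RFC 8659 s3)."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in ZONE:
            return candidate, ZONE[candidate]
    return "", []


def _values(records: List[CaaRecord], tag: str) -> List[str]:
    return [value for _, t, value in records if t.lower() == tag]


def ca_may_issue(fqdn: str, ca_domain: str) -> bool:
    """Decide whether ca_domain may issue a certificate for fqdn ('*.' prefix = wildcard)."""
    wildcard = fqdn.startswith("*.")
    _owner, records = find_caa(fqdn[2:] if wildcard else fqdn)
    if not records:
        return True                 # no CAA anywhere up the tree: any CA may issue
    # A critical record (flag bit 128) with a tag the CA does not understand forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    # issuewild governs wildcard requests only when present; otherwise issue applies to both.
    tag = "issuewild" if wildcard and _values(records, "issuewild") else "issue"
    allowed = _values(records, tag)
    if not allowed:
        return True                 # the set carries no restriction for this request type
    for value in allowed:
        issuer = value.split(";", 1)[0].strip().lower()   # drop parameters after ';'
        if issuer and issuer == ca_domain.lower():
            return True
    return False                    # includes the empty issuer ';' that forbids everyone


if __name__ == "__main__":
    print(format_caa("example.com.", ZONE["example.com."][0]))
    for name, ca in [("www.example.com", "letsencrypt.org"), ("www.example.com", "digicert.com"),
                     ("*.example.com", "letsencrypt.org"), ("locked.example.com", "letsencrypt.org"),
                     ("other.example", "anyca.example")]:
        print(f"{ca:>16} -> {name:<20} {'ALLOW' if ca_may_issue(name, ca) else 'DENY'}")
```

Running it shows that www.example.com is issuable only by Let's Encrypt, that no CA may issue *.example.com because issuewild is empty, and that a name with no CAA set anywhere above it is open to every CA.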
Domain Expiry
To maintain domain ownership, the domain name must be renewed before it expires. Once a domain expires it is deactivated and parked: you can no longer make changes to it, and customers can no longer reach it, which harms your business and brand. After the grace period an expired domain can be registered by someone else, who then controls its DNS and mail. Using this check, Digital Risk Analyzer tracks your domain's expiry date and the number of days left until expiry.
Blocklisted Domain
A blocklist contains IPs, domains, or email addresses that have been reported for spam or other malicious activity. A blocklisted domain faces a large drop in visitors and is marked unsafe, tarnishing brand reputation. Using this check, Digital Risk Analyzer cross-verifies your domain against popular blocklists to ensure it isn't flagged.
Email Security
Recursive SPF Redirect
This check detects redirect= modifiers (and include: mechanisms) that loop back to a domain already being evaluated, or that chain deeply enough to exceed the lookup limit. Either condition makes receivers evaluate the record as permerror, so SPF provides no protection for the domain.
Email Server Certificate
Mail servers receive, route, and deliver email. This check verifies that each mail server is configured correctly, supports STARTTLS, and presents a valid certificate, and reports how long that certificate has until expiry.
SPF Existence
SPF (Sender Policy Framework) is a DNS TXT record that helps prevent email spoofing by listing which mail servers may send email on behalf of your domain. This check verifies that an SPF record is present for the domain and, if one exists, validates it further.
SPF Maximum Lookup
SPF (RFC 7208, section 4.6.4) limits evaluation of a record to 10 DNS-querying terms: the include, a, mx, ptr, and exists mechanisms and the redirect modifier, counted across every included or redirected record. Exceeding the limit produces a permerror, which most receivers treat as if the domain had no SPF at all. This check counts the lookups in the SPF record and reports whether there are more than 10.
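A lookup counter that serves both the Recursive SPF Redirect and the SPF Maximum Lookup checks above, added here as an example and not Site24x7's own implementation. It evaluates the 10-lookup rule over a constructed set of TXT records (the TXT dict stands in for DNS) and distinguishes a genuine loop, where a domain appears in its own ancestor chain, from the legitimate case of the same include appearing twice in sibling branches, which counts twice but is not an error.

```python
"""SPF DNS-lookup counting with loop detection (added example, not Site24x7 code)."""
from typing import Dict, Optional, Tuple

# Constructed TXT records, not real DNS. example.com is the domain being audited.
TXT: Dict[str, str] = {
    "example.com": "v=spf1 include:_spf.mailer.example a mx -all",
    "_spf.mailer.example": "v=spf1 include:pool1.mailer.example include:pool2.mailer.example ~all",
    "pool1.mailer.example": "v=spf1 ip4:192.0.2.0/24 exists:%{i}.chk.mailer.example -all",
    "pool2.mailer.example": "v=spf1 ptr mx:relay.mailer.example -all",
    # Same include twice plus three more mechanisms: legal syntax, but 15 lookups.
    "heavy.example": "v=spf1 include:_spf.mailer.example include:_spf.mailer.example mx a ptr -all",
    # Two records redirecting to each other: evaluation never terminates.
    "loop-a.example": "v=spf1 redirect=loop-b.example",
    "loop-b.example": "v=spf1 redirect=loop-a.example",
}
MAX_LOOKUPS = 10
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


class SpfError(Exception):
    """A condition that makes the record evaluate to permerror."""


def spf_lookups(domain: str, _path: Tuple[str, ...] = ()) -> int:
    """Count the DNS-querying terms reachable from domain's SPF record.

    _path holds the chain of domains currently being evaluated; revisiting one of them
    is a redirect/include loop. Siblings may share an include without being a loop.
    """
    domain = domain.lower()
    if domain in _path:
        raise SpfError("loop: " + " -> ".join(_path + (domain,)))
    path = _path + (domain,)
    record = TXT.get(domain)
    if record is None or record.split()[0].lower() != "v=spf1":
        raise SpfError(f"no SPF record for {domain}")
    count = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")                 # qualifiers do not affect the count
        if "=" in term:                            # modifier: redirect= or exp=
            name, _, target = term.partition("=")
            if name.lower() == "redirect":
                count += 1 + spf_lookups(target, path)
            continue
        name, _, target = term.partition(":")
        name = name.split("/", 1)[0].lower()       # strip a CIDR suffix such as a/24
        if name == "include":
            count += 1 + spf_lookups(target, path)
        elif name in LOOKUP_MECHANISMS:            # ip4, ip6 and all cost nothing
            count += 1
    return count


def check_spf(domain: str) -> Dict[str, Optional[object]]:
    """Scanner-style verdict: lookups used, whether the record passes, and any permerror cause."""
    result: Dict[str, Optional[object]] = {"domain": domain, "lookups": None, "ok": False, "error": None}
    try:
        lookups = spf_lookups(domain)
    except SpfError as exc:
        result["error"] = str(exc)
        return result
    result["lookups"] = lookups
    result["ok"] = lookups <= MAX_LOOKUPS
    return result


if __name__ == "__main__":
    for d in ("example.com", "heavy.example", "loop-a.example", "missing.example"):
        print(check_spf(d))
```

For the constructed data, example.com resolves to 8 lookups and passes, heavy.example reaches 15 because the shared include is counted on every path, and loop-a.example is reported as a loop rather than being followed forever.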
DMARC Existence
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS TXT record at _dmarc.<domain> that builds on SPF and DKIM to protect against email spoofing and phishing: it tells receivers how to handle messages that fail authentication (none, quarantine, or reject) and where to send aggregate and failure reports. This assertion verifies the presence of a DMARC record for the domain, with further validation performed if a record exists.
TLS-RPT Existence
TLS-RPT (TLS Reporting) enables a domain to receive reports on TLS encryption issues in email delivery. It helps administrators identify and address failed secure delivery attempts. Defined in RFC 8460, it works with MTA-STS for better email security. A TLS-RPT record, located at _smtp._tls.example.com, directs email servers to send reports on failed TLS negotiations. Example: v=TLSRPTv1; rua=mailto:tls-reports@example.com. This assertion confirms the presence of the TLS-RPT record and initiates further actions, if found.
MTA-STS DNS Existence
MTA-STS (Mail Transfer Agent Strict Transport Security, RFC 8461) lets a domain require that sending mail servers deliver to it only over TLS with a valid certificate, preventing downgrade and man-in-the-middle attacks on SMTP. The DNS part is a TXT record at _mta-sts.example.com of the form v=STSv1; id=<identifier>, where the id must change whenever the policy changes so that senders refresh their cached copy. This assertion verifies that the domain has an MTA-STS record in its DNS.
MTA-STS HTTPS Existence
MTA-STS HTTPS existence ensures that the domain publishes the HTTPS-hosted policy file that MTA-STS requires; the DNS record alone enforces nothing. The policy file, named mta-sts.txt, must be served over a valid certificate at https://mta-sts.example.com/.well-known/mta-sts.txt and lists version: STSv1, mode (enforce, testing, or none), one or more mx: entries naming the permitted MX hosts, and max_age, the number of seconds senders may cache the policy.
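A validator covering the three email checks above (TLS-RPT Existence, MTA-STS DNS Existence, and MTA-STS HTTPS Existence), added as an example and not Site24x7's own code. The DNS records, MX hosts, and policy file are constructed constants rather than fetched, so it runs offline; the interesting part is the MX matching rule, where a wildcard such as *.example.com covers exactly one leftmost label and never the apex, so an MX host outside the policy is reported.

```python
"""MTA-STS and TLS-RPT validation over constructed records (added example, not Site24x7 code)."""
from typing import Any, Dict, List

# Constructed data; nothing is fetched from DNS or HTTPS.
DNS_TXT: Dict[str, str] = {
    "_mta-sts.example.com": "v=STSv1; id=20240611T120000Z",
    "_smtp._tls.example.com": "v=TLSRPTv1; rua=mailto:tls-reports@example.com",
}
MX_HOSTS: List[str] = ["mx1.example.com", "mx2.example.com", "backup.mailhost.example"]
POLICY_TEXT = """version: STSv1
mode: enforce
mx: mx1.example.com
mx: *.example.com
max_age: 604800
"""
MAX_AGE_LIMIT = 31_557_600   # one year, the upper bound RFC 8461 allows for max_age


def parse_tagged(record: str) -> Dict[str, str]:
    """'k=v; k2=v2' -> dict; serves both the _mta-sts and the _smtp._tls TXT records."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def parse_policy(text: str) -> Dict[str, Any]:
    """Parse the key: value lines of mta-sts.txt; 'mx' may repeat and is collected as a list."""
    policy: Dict[str, Any] = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy


def mx_matches(host: str, pattern: str) -> bool:
    """RFC 8461 s4.1: '*.example.com' matches exactly one leftmost label, never the apex."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def check_mta_sts(domain: str, dns_txt: Dict[str, str] = DNS_TXT,
                  mx_hosts: List[str] = MX_HOSTS, policy_text: str = POLICY_TEXT) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    record = dns_txt.get(f"_mta-sts.{domain}")
    if record is None:
        return [f"_mta-sts.{domain}: no TXT record"]
    tags = parse_tagged(record)
    if tags.get("v") != "STSv1":
        findings.append("_mta-sts record: v is not STSv1")
    if not tags.get("id"):
        findings.append("_mta-sts record: id is missing")
    policy = parse_policy(policy_text)
    mode = policy.get("mode")
    if policy.get("version") != "STSv1":
        findings.append("policy: version is not STSv1")
    if mode not in ("enforce", "testing", "none"):
        findings.append(f"policy: mode {mode!r} is not enforce/testing/none")
    max_age = str(policy.get("max_age", ""))
    if not max_age.isdigit() or int(max_age) > MAX_AGE_LIMIT:
        findings.append("policy: max_age missing or above 31557600")
    if not policy["mx"] and mode != "none":
        findings.append("policy: no mx entries")
    for host in mx_hosts:
        if not any(mx_matches(host, p) for p in policy["mx"]):
            findings.append(f"MX {host} is not covered by the policy")
    report = dns_txt.get(f"_smtp._tls.{domain}")
    if report is None:
        findings.append(f"_smtp._tls.{domain}: no TLS-RPT record")
    else:
        rtags = parse_tagged(report)
        if rtags.get("v") != "TLSRPTv1" or not rtags.get("rua"):
            findings.append("TLS-RPT record: v must be TLSRPTv1 and rua must be set")
    return findings


if __name__ == "__main__":
    for finding in check_mta_sts("example.com") or ["all MTA-STS/TLS-RPT checks passed"]:
        print(finding)
```

With the constructed data the only finding is that backup.mailhost.example is not listed in the policy: in enforce mode, senders honouring MTA-STS will refuse to deliver through that MX, which is exactly the kind of silent mail loss the policy file check is meant to catch.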
Network Security
Insecure Cipher
A cipher is an algorithm for encrypting and decrypting data. Cipher suites enable private communication on networking protocols such as Transport Layer Security (TLS), which encrypts network traffic. They apply a fixed set of rules to transform plaintext into ciphertext that cannot be read without the key. Your application or server can be vulnerable if you haven't configured a cipher order or if insecure ciphers are enabled: the chances of an attacker eavesdropping on or tampering with your data are high. Digital Risk Analyzer runs a check to trace weak ciphers (less than 128 bits of strength, NULL ciphers, ciphers without encryption or server authentication, RC4, 3DES, and so on) so they can be removed.
Valid SSL Certificate
Publicly trusted TLS certificates are limited to a validity of 398 days (about 13 months). An expired certificate triggers browser warnings that train users to click through, making the site easier to impersonate through phishing and man-in-the-middle attacks. It is also essential that the certificate was issued by a trusted certificate authority and chains to a valid root; otherwise errors such as "The certificate is not issued by a trusted certificate authority" or "SSL Certificate Not Trusted" are raised. Digital Risk Analyzer checks that your certificate hasn't expired and that it was issued by a trusted certificate authority.
SSL Chain Expiry
The certificate chain is the list of certificates consisting of the root certificate, one or more intermediate certificates, and the end-entity (server) certificate. The intermediates sent along with the server certificate let clients build the chain of trust up to a root they already hold. When an intermediate certificate in your chain expires, clients raise TLS errors until the server is reconfigured with a current intermediate, even if the server certificate itself is still valid. Digital Risk Analyzer checks the expiry of all intermediate certificates in your chain and the number of days left until they expire.
SSL Certificate Vulnerabilities
TLS vulnerabilities arise from improper configuration of the TLS stack (protocol versions, cipher suites, and implementation settings) rather than from the certificate itself. The most common include BEAST, POODLE, POODLE (TLS), ROBOT, RC4 weaknesses, CBC padding-oracle issues, and the absence of AEAD cipher suites. These vulnerabilities can lead to session hijacking, man-in-the-middle attacks, plaintext recovery, and other security issues. Digital Risk Analyzer checks the TLS configuration for the vulnerabilities listed above.
Insecure SSL Protocol
SSL (Secure Sockets Layer) is the protocol that encrypts data between a server and client, ensuring privacy and protection against tampering. SSL 2.0 and 3.0 are broken (DROWN and POODLE respectively), and their successors TLS 1.0 and 1.1 are formally deprecated by RFC 8996; all of them expose sensitive data to downgrade and decryption attacks. Modern browsers flag websites that still offer them, damaging credibility and trust. SSL has been replaced by TLS (Transport Layer Security), which offers stronger ciphers and handshake protections. Using up-to-date TLS versions, TLS 1.2 or 1.3, is crucial for safeguarding data and maintaining compliance with security standards.
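Two sides of the Insecure Cipher and Insecure SSL Protocol checks above in one added example (not Site24x7's code): a classifier that flags OpenSSL-style suite names for the weaknesses the checks describe, run over a constructed list of suites as a scanner might see them offered, and a hardened Python ssl context that allows only TLS 1.2 and later with forward-secret AEAD suites, verified by inspecting what the context actually enables.

```python
"""Cipher-suite and protocol hygiene checks (added example, not Site24x7 code)."""
import ssl
from typing import Dict, List

# Constructed list of suite names, as a scanner might record them from a server's offer.
OFFERED_SUITES: List[str] = [
    "ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384", "AES256-SHA",
    "DES-CBC3-SHA", "DES-CBC-SHA", "RC4-SHA", "EXP-RC4-MD5", "NULL-SHA256", "ADH-AES128-SHA",
]


def classify_cipher(name: str) -> List[str]:
    """Reasons an OpenSSL-style suite name is insecure; empty list means no finding."""
    tokens = name.upper().split("-")
    reasons: List[str] = []
    if "NULL" in tokens:
        reasons.append("NULL cipher: no encryption")
    if tokens[0].startswith("EXP"):
        reasons.append("export-grade key (40/56 bits)")
    if tokens[0] in ("ADH", "AECDH"):
        reasons.append("anonymous key exchange: no server authentication")
    if "RC4" in tokens or "RC2" in tokens:
        reasons.append("RC4/RC2: broken cipher (RFC 7465 prohibits RC4)")
    if "DES" in tokens:
        reasons.append("3DES: 112-bit effective strength, Sweet32" if "CBC3" in tokens
                       else "single DES: 56-bit key")
    if tokens[-1] == "MD5":
        reasons.append("MD5 MAC")
    return reasons


def weak_suites(names: List[str]) -> Dict[str, List[str]]:
    """Map each offered suite that has a finding to its reasons."""
    result: Dict[str, List[str]] = {}
    for name in names:
        reasons = classify_cipher(name)
        if reasons:
            result[name] = reasons
    return result


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2+ only, forward-secret AEAD suites only, certificate and hostname verification on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The positive list already excludes the '!' entries; they make the intent explicit.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def enabled_suite_names(ctx: ssl.SSLContext) -> List[str]:
    return [c["name"] for c in ctx.get_ciphers()]


def weakest_enabled_bits(ctx: ssl.SSLContext) -> int:
    """Lowest symmetric strength among the suites the context would negotiate."""
    return min(c["strength_bits"] for c in ctx.get_ciphers())


def minimum_protocol(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name


if __name__ == "__main__":
    for suite, reasons in weak_suites(OFFERED_SUITES).items():
        print(f"{suite:<28} {'; '.join(reasons)}")
    ctx = hardened_client_context()
    print("minimum protocol:", minimum_protocol(ctx), "weakest suite bits:", weakest_enabled_bits(ctx))
```

Note that the classifier flags only what the page's check describes (sub-128-bit, NULL, unauthenticated, RC4, 3DES, MD5); AES256-SHA passes it despite lacking forward secrecy, which is a policy decision rather than a weakness in the suite's strength, so it is left to the context's positive list.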
Application-Layer Protocol Negotiation (ALPN)
ALPN is a TLS extension (RFC 7301) that lets client and server negotiate the application protocol (for example HTTP/1.1 or HTTP/2) during the handshake, improving compatibility and performance: it avoids an extra round trip to upgrade the connection and is required for HTTP/2 over TLS. A server that enforces ALPN strictly, rejecting handshakes that name a protocol it does not serve, also closes the door on cross-protocol attacks such as ALPACA.
Application Security
Insecure Cookies
Insecure cookies lack key security attributes, making them vulnerable to interception and misuse. Without the Secure attribute, a cookie is also sent over unencrypted HTTP, where it can be read on the wire. Without HttpOnly, script running in the page (for example through XSS) can read it. Without SameSite, the browser attaches it to cross-site requests, making it usable for CSRF.
Brand Reputation
Retaining customer trust and the credibility of the brand is crucial for any business. With important data transactions happening through websites, any issue that affects the security of a web page can damage your brand's reputation, so it is essential to offer customers a secure online space. Digital Risk Analyzer cross-checks your website against Google's list of blocklisted URLs to ensure that it isn't present.
Phishing
Phishing attackers use emails, text messages, or calls to steal sensitive information such as Social Security numbers, passwords, or credit card details, or to manipulate people into downloading malware-infected files. It is the most common type of social engineering attack, and it can result in large financial losses, identity theft, and loss of brand reputation. Digital Risk Analyzer checks your site against Google's list of web pages involved in phishing to ensure that your site isn't listed there.
Insecure Header
HTTP security headers instruct browsers to apply protections that prevent several classes of attack against your application. For example, without a Strict-Transport-Security header nothing stops users from connecting to the site over unencrypted HTTP, and missing Content-Security-Policy or X-Frame-Options headers leave pages open to script injection and clickjacking. Digital Risk Analyzer checks for headers that are missing or not configured correctly and may make the application vulnerable to attacks.
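An auditor for the Insecure Cookies and Insecure Header checks above, added as an example and not Site24x7's code. It runs over two constructed responses (a weak one and a hardened one) instead of a live HTTP fetch and reports the attributes and headers the checks describe, plus the cookie-prefix rules (__Host-, __Secure-) and the SameSite=None-without-Secure case, which browsers reject outright.

```python
"""Audit of HTTP response headers and Set-Cookie attributes (added example, not Site24x7 code)."""
import re
from typing import Dict, List, Tuple

ONE_YEAR = 31_536_000   # HSTS max-age below this is commonly reported as too short

# Constructed responses; no network access. Header names are compared case-insensitively.
WEAK_RESPONSE: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=300"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "__Host-csrf=xyz; Path=/; Domain=example.com; Secure"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
HARDENED_RESPONSE: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def audit_cookie(set_cookie: str) -> List[str]:
    """Findings for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")      # flag attributes (Secure) get an empty value
        attrs[key.strip().lower()] = value.strip()
    issues: List[str] = []
    if "secure" not in attrs:
        issues.append(f"cookie {name}: missing Secure")
    if "httponly" not in attrs:
        issues.append(f"cookie {name}: missing HttpOnly")
    same_site = attrs.get("samesite", "").lower()
    if not same_site:
        issues.append(f"cookie {name}: missing SameSite")
    elif same_site == "none" and "secure" not in attrs:
        issues.append(f"cookie {name}: SameSite=None requires Secure")
    if name.startswith("__Host-") and ("secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs):
        issues.append(f"cookie {name}: __Host- prefix requires Secure, Path=/ and no Domain")
    elif name.startswith("__Secure-") and "secure" not in attrs:
        issues.append(f"cookie {name}: __Secure- prefix requires Secure")
    return issues


def audit_response(headers: List[Tuple[str, str]]) -> List[str]:
    """Findings for a whole response; an empty list means every check passed."""
    by_name: Dict[str, List[str]] = {}
    for header, value in headers:
        by_name.setdefault(header.lower(), []).append(value)
    findings: List[str] = []
    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        match = re.search(r"max-age=(\d+)", hsts[0], re.I)
        age = int(match.group(1)) if match else 0
        if age < ONE_YEAR:
            findings.append(f"Strict-Transport-Security max-age={age} is below one year")
        if "includesubdomains" not in hsts[0].lower():
            findings.append("Strict-Transport-Security lacks includeSubDomains")
    if by_name.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    csp = by_name.get("content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    if not by_name.get("x-frame-options") and not (csp and "frame-ancestors" in csp[0].lower()):
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    for cookie in by_name.get("set-cookie", []):
        findings.extend(audit_cookie(cookie))
    return findings


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"== {label}: {len(audit_response(response))} finding(s)")
        for finding in audit_response(response):
            print("  -", finding)
```

The weak response yields nine findings, including the __Host-csrf cookie, which a browser would silently drop because of its Domain attribute; the hardened response yields none.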
Directory Listing
Directory listing exposes sensitive files when no default index file is present, allowing attackers to view and exploit them. Disabling it helps protect your server from unauthorized access.
Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) is the browser mechanism that controls whether a page on one origin may read responses from another origin. The server opts in through response headers that name the permitted origins, methods, and request headers. For example, if a page on https://example.com needs data from api.otherdomain.com, the API must respond with Access-Control-Allow-Origin: https://example.com (a full origin, not a bare domain name). Improper CORS configuration can block legitimate requests or expose sensitive data: reflecting whatever Origin value arrives together with Access-Control-Allow-Credentials: true lets any attacker-controlled page read authenticated responses, and a wildcard * exposes any unauthenticated data to every site.
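The server-side decision behind the CORS check above, as an added example that is not Site24x7's code. Two common misconfigurations (reflecting the Origin header, and a substring check on the domain name) sit beside the correct exact-match allowlist, and a scanner-style helper shows how to judge a response returned for a probe Origin. The ALLOWED_ORIGINS allowlist is a constructed assumption.

```python
"""Server-side CORS decisions, insecure and correct (added example, not Site24x7 code)."""
from typing import Dict, FrozenSet
from urllib.parse import urlsplit

# Constructed allowlist of full origins (scheme + host [+ port]); bare domains are not origins.
ALLOWED_ORIGINS: FrozenSet[str] = frozenset({"https://example.com", "https://app.example.com"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin: str) -> str:
    """Canonical scheme://host[:port] form, or '' for anything that is not a web origin
    (this includes the literal 'null' origin sent by sandboxed frames and file: pages)."""
    parts = urlsplit(origin)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname or parts.path not in ("", "/"):
        return ""
    port = parts.port
    suffix = "" if port in (None, DEFAULT_PORTS[parts.scheme]) else f":{port}"
    return f"{parts.scheme}://{parts.hostname}{suffix}"


def cors_headers_reflect(origin: str) -> Dict[str, str]:
    """INSECURE: echoes any Origin and allows credentials, so any site can read authenticated data."""
    return {"Access-Control-Allow-Origin": origin, "Access-Control-Allow-Credentials": "true"}


def cors_headers_suffix(origin: str) -> Dict[str, str]:
    """INSECURE: substring match; https://evilexample.com and https://example.com.evil.example pass."""
    if "example.com" in origin:
        return cors_headers_reflect(origin)
    return {}


def cors_headers(origin: str, allowlist: FrozenSet[str] = ALLOWED_ORIGINS) -> Dict[str, str]:
    """Correct: exact match against normalized origins; otherwise no CORS headers at all,
    which makes the browser refuse to expose the response to the calling page."""
    normalized = normalize_origin(origin)
    if not normalized or normalized not in allowlist:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",   # caches must not serve one origin's ACAO value to another
    }


def exposes_credentials(probe_origin: str, response: Dict[str, str],
                        trusted: FrozenSet[str] = ALLOWED_ORIGINS) -> bool:
    """Scanner view: given the headers returned for a probe Origin, could a page on that
    untrusted origin read a credentialed response?"""
    acao = response.get("Access-Control-Allow-Origin", "")
    creds = response.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao == "*":
        return False   # browsers refuse '*' with credentials; unauthenticated data is still readable
    return creds and acao == probe_origin and normalize_origin(probe_origin) not in trusted


if __name__ == "__main__":
    probe = "https://evilexample.com"
    for label, handler in (("reflect", cors_headers_reflect), ("suffix", cors_headers_suffix),
                           ("allowlist", cors_headers)):
        print(f"{label:<10} exposes credentials to {probe}: {exposes_credentials(probe, handler(probe))}")
```

The probe origin is the point of the demonstration: https://evilexample.com is a different registrable domain, yet both insecure handlers grant it a credentialed read, while the allowlist handler returns no CORS headers and the browser blocks the read.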