Security Index Methodology
How we calculate and rank company security scores
Scoring System
Each company starts with a perfect score of 100 points. Points are deducted based on security issues discovered during our automated scan.
| Score Range | Grade | Status |
|---|---|---|
| 80 - 100 | A+ | Verified Secure |
| 50 - 79 | At Risk | Improvements Needed |
| 0 - 49 | Critical | Urgent Action Required |
What We Analyze
- SSL/TLS Certificate: Validity, expiration, and configuration strength
- Security Headers: Content-Security-Policy, X-Frame-Options, HSTS, etc.
- DMARC/SPF/DKIM: Email authentication and anti-spoofing measures
- Open Ports: Detection of exposed services (FTP, SSH, MySQL, etc.)
- Sensitive Files: Exposure of .env, .git, backup files
- CMS Vulnerabilities: WordPress plugins, user enumeration
- Cookie Security: Secure and HttpOnly flags
- Domain Reputation: Blacklist status across major providers
Data Sources
Our scans use publicly accessible information only. We do not perform intrusive testing or access private systems. All data is gathered through:
- HTTPS connections to the target domain
- DNS record queries
- SSL certificate analysis
- HTTP header inspection
- Public blacklist databases
Update Frequency
Industry indices are generated periodically. Companies can request a re-scan at any time by claiming their profile. Verified badge holders receive automatic quarterly re-scans to maintain their certification.
Dispute Process
If you believe your score is inaccurate:
- Claim your company profile using the link in the leaderboard
- Request a manual review with evidence
- Our team will re-analyze within 48 hours
Security scores represent our opinion based on publicly available information. Full Legal Disclaimer