How secure are UK websites? - MeasureCamp Manchester I, May 12 2018 - CyberScanner
What is the state of cyber
security in the UK?
(Alt. Title = What we learned from scanning
135,000 UK business websites).
Hat 1: Senior Tech SEO Consultant/Account Manager @
Hat 2: Digital Marketing Manager @ CyberScanner
What we did
• Using BuiltWith, extracted 250,000 UK
• Scanned them using our “fingerprint”
vulnerability scanner (non-intrusive, passive)
• Scanned the sites against a database of more
than 100,000 known vulnerabilities based on
identifying used technologies.
City % with at least one vulnerability
Sector % with at least one vulnerability
Art & Entertainment 82.13%
Law, Govt & Politics 84.39%
Automotive & Vehicles 81.50%
Health & Fitness 83.20%
Style & Fashion 81.12%
Food & Drink 82.84%
Things that we found…
• Issues with SSL implementations
• Vulnerability to XSS
• Vulnerability to CSRF
Why does this matter?
• GDPR is seeing more businesses invest in
cyber security to protect against data
breaches… Making others even more
• Protection for the user
• Google to go beyond HTTPS and introduce
passive scanning? (made this prediction in SEJ,
What can I do
• Beg development teams to update
platforms/plugins/third party integrations
when they need upgrading.
• Make use of pen testing.
• Actively monitor and assess cyber security
• Educate staff and employees on how to avoid