Bizoscore is designed to help you understand publicly exposed infrastructure issues and privacy issues in your IT environment.
It is easy to use:
1- go to bizoscore.eu
2- enter your website
3- wait for the results
a- you see an instant result: someone has already checked your site. Maybe a sign someone has an interest?
b- you have to wait (we take turns pedalling to power the computer during the scan), but you can enter an email address to be notified (no spam, just one notification)
Then, you can:
4- do nothing. At least you won't be able to say you weren't warned when something happens
5- buy a report:
a- you don't mind Stripe taking payments: the report is available upon payment (credentials sent by email). We minimise the amount of data they get.
b- you don't want to pay by card, we can send you an invoice that can be paid by bank transfer
6- you download your report from the client area and have reading material for a few days. The executive summary is intended for senior management.
Options
1- you do nothing. Gambling is in your nature
2- you need assistance to prepare an action plan: we can help.
3- you are a corporate client and need a licence for the scanner as you would also like to check your suppliers (with DORA in sight, you never know), we can discuss your needs.
4- you need someone to fix issues: some of our partners can help.
5- you realise you need a proper system to manage your data documentation, we can introduce Bizoneo www.bizoneo.eu
6- you notice errors in the report: we will investigate and re-issue a new one.
Our tests are designed to test for preventative measures against cross-site scripting attacks, man-in-the-middle attacks, cross-domain information leakage, cookie compromise, content delivery network compromise, and improperly issued certificates.
When you type your domain, the scan:
The scans are based on attempts to simulate what happens when a user visits a specified page with a typical browser. The browser has no add-ons/extensions installed, and Do Not Track (DNT) is not enabled, since this is the default setting in most browsers.
External files such as images, scripts and CSS are loaded, but the tool performs no interactions with the page. No links are clicked. No forms are submitted.
We currently do not test for outdated software versions, SQL injection vulnerabilities, vulnerable content management system plugins, improper password creation policies or storage procedures etc.
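As an added illustration (not Bizoscore's code or scoring logic), the sketch below checks one response for browser-side controls commonly associated with five of the categories listed above. The mapping of each category to a header or attribute is an assumption, the sample response is constructed, and improperly issued certificates are left out because checking them needs live DNS and certificate lookups.

```python
import re
from html.parser import HTMLParser

# Constructed sample response (not taken from any real site or scan).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' https://cdn.example"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example/widget.js"></script>
<script src="/local.js"></script>
</head></html>"""

class ScriptCollector(HTMLParser):
    """Collects absolute-URL scripts that carry no Subresource Integrity hash."""
    def __init__(self):
        super().__init__()
        self.missing_sri = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "script" and re.match(r"(https?:)?//", src) and not a.get("integrity"):
            self.missing_sri.append(src)

def audit(headers, html):
    """Return {category: findings}; an empty list means the control was seen."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    csp = " ".join(by_name.get("content-security-policy", []))
    findings = {
        "xss": [] if csp else ["no Content-Security-Policy"],
        "mitm": [] if "strict-transport-security" in by_name else ["no Strict-Transport-Security"],
        "leakage": [] if "referrer-policy" in by_name else ["no Referrer-Policy"],
        "cookies": [],
    }
    if "'unsafe-inline'" in csp:
        findings["xss"].append("CSP allows 'unsafe-inline'")
    for cookie in by_name.get("set-cookie", []):
        flags = {p.strip().split("=")[0].lower() for p in cookie.split(";")[1:]}
        missing = sorted({"secure", "httponly"} - flags)
        if missing:
            findings["cookies"].append(f"{cookie.split('=')[0]} lacks {', '.join(missing)}")
    collector = ScriptCollector()
    collector.feed(html)
    findings["cdn"] = [f"no SRI on {src}" for src in collector.missing_sri]
    return findings
```
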
The scans are meant to be used by website owners and their relevant advisors as a starting point for security and compliance improvements.
Our scans look at information publicly available from the supplied domain and cross-check it against a number of known vulnerabilities. We look at common vulnerabilities but don't look at the detailed tech stack, so we cannot guarantee that all vulnerabilities are included.
With regards to cookie audits, some cookies may not be included in our database and will therefore be tagged as unknown despite being functional cookies.
With regards to data transfers, the scan does its best to resolve IP addresses to countries, but this sometimes may report inaccurate locations.
For each test, some points are given and the points are transcribed into grades ranging from A+ to E. Some grades are similar to the grades of the Mozilla Observatory for the tests that are similar to theirs. Other grades are granted based on industry best practice.
While we'd love to say that any site that scores an A+ is perfectly secure and private, there's a lot more that goes into making a website secure than what we can test.
While some tests may indicate a low score, the organisation may have implemented appropriate technical and organisational measures to mitigate.
As the system is mainly automated, the results may not be 100% correct.
Some tests have limited granularity. For instance, if the website places non-necessary cookies without consent, it is breaking EU legislation and the website's scan score will be reduced.
The reports include the detailed explanation.
The initial scan is free. It shows a series of grades, compiled from the scans that we performed.
You will then be offered the choice to purchase further reports.
The detailed report for a scan of the homepage costs €119 + VAT @23%.
Further reports are available subsequently. Cost may vary depending on your processing landscape.
For Corporate accounts, please use our contact form.
When you use our website, we process as little as possible (principle of minimisation).
The easiest way to find out what data is processed is to read our data protection notice.
As for statistics and why we don't measure them: our KPIs (key performance indicators) are based on the number of sites scanned per day and the sales per day.
Once you have read the reports, you can engage with our team (by the hour) to explain the reports.
Bizoscore does not offer badges or certifications as we believe this can be misleading:
You may engage our team to document your processing activities in more detail. We can then point you to certification bodies suitable for part of it.
Not really. We believe our service complements penetration testing.
The aim is for business owners, DPOs, web developers, business & risk analysts and technical teams to understand the business environment their website operates in.
Our scans would be a pre-requisite to a penetration test exercise as we will help you understand the context of processing.
Penetration testing usually focuses on security. Bizoscore extends to privacy.
When you purchase a report, an account is created and you will be notified that you can download the report.
For that purpose, you will receive a username and password with the confirmation email (please make sure to change the password).
We don't send reports by email as, too often, PDF reports can be filtered by anti-spam software.
Please note that while an account is created, any information gathered won't be used to send you newsletters or marketing information.
If you subsequently wish the account to be deleted, just use the contact form. Please note that once the account is deleted, you won't be able to log in, but that some information will be retained to comply with Irish and EU legal obligations. Please refer to our data protection notice for further information.
On the website, we offer a free score once our servers have scanned the site.
We then offer
Additional specific reports can be purchased thereafter. These would be discussed if you decide to purchase a meeting with us to explain the reports.
The broad report structure is:
Bizoneo, the makers of Bizoscore, are eager to respect people's privacy.
The site only requires functional cookies to work. You can read more about cookies by clicking the cog wheel at the bottom left of the screen.
There are currently no web statistics either as our KPIs are not based on the number of pages viewed, but rather on the number of people buying our reports.
This is called a "captcha". Its purpose is to try to distinguish between humans and robots. Many sites use Google as a captcha, but since it wouldn't be GDPR compliant, and also because we're not fans of Google's mass surveillance, we use our own.
Why a maths operation?
It's easier to code than captcha images, because with images, you also need an audio alternative for blind users. It means more coding, more support. With an operation, one piece of code works in all cases.
Why give the answer?
We try to offer an inclusive alternative for people with low literacy skills. You could argue people with low literacy won't scan their websites; we don't know and don't want to discriminate. Anyway, it's easier for us to have the same approach with everyone.
Can you get the same on your website?
Clients of the Bizoneo web CMS and Client Management platform can also benefit from such a captcha; visit www.bizoneo.eu for further information.
Bizoscore is offered in two versions:
Sometimes, due to various web server configurations or redirections, the scanner cannot score automatically and requires a manual intervention to adjust to the configuration.
Our team will investigate during office hours Monday to Friday and update the results.
On occasion, our scans cannot access the websites. As the scanner improves, the time to receive the notification should too.
The system will keep the email until a complete scan is available and will notify you then. The email address will then be deleted within 24h.
We are a privately owned SME and our income comes from paying clients.
The fee contributes to paying for the maintenance of our servers and for the development work required to improve the scans and the reports.
We don't track your every move on the website nor embed advertising, advertising that could compensate for charging for the report.
The fee is reasonable compared to the cost of other types of professional reports because we genuinely want to ensure that website owners secure their sites and respect the privacy of their visitors.
From experience, people are more likely to act on the vulnerabilities that the reports highlight when they buy a report.
The bizoscore.eu website runs on the Bizoneo e-Commerce solution, part of the broader Bizoneo Client Management System. When you purchase from it, we place a cookie that contains information about the purchase you're about to make.