Security Directory

V

vedisys AG

vedisys.de

40

vedisys AG is a German software company specializing in providing modular, scalable software solutions for public transport companies (ÖPNV). Their flagship product, AMIS®7, supports multichannel sales, subscription management, ticketing, and customer dialogue platforms. The company has a strong market presence since 1996 and integrates with partner platforms such as mobilityportal® and payment services like Payone. The website reflects a professional and comprehensive digital presence with detailed product information, customer testimonials, and news updates. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security gap. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the security posture is basic and requires urgent improvements to SSL/TLS and security headers to protect user data and enhance trust.

B

banibis GmbH

banibis.com

57

banibis GmbH is a small Austrian technology company specializing in modular ERP software solutions tailored for small and medium-sized enterprises, particularly in the trade and service sectors. Their cloud-based ERP system offers comprehensive features including CRM, project management, purchasing and sales, and accounting, with a strong emphasis on customization and customer-centric support. The company maintains a professional online presence with clear contact information, social media integration, and compliance with GDPR and cookie consent regulations. Technically, the website is built on WordPress using the Divi theme, enhanced with various plugins for performance optimization, analytics, and user interaction. The infrastructure is hosted via domaintechnik.at, with a moderate performance profile and good mobile optimization. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security shortcomings that could impact user trust and data protection. From a security perspective, while the site implements SPF records and avoids common vulnerabilities like Heartbleed and POODLE, the lack of HTTPS and missing DMARC records are critical gaps. No explicit security or incident response policies are publicly available, which may affect the company's security posture and compliance readiness. Overall, banibis GmbH demonstrates a solid business and technical foundation with room for improvement in security practices. Addressing these vulnerabilities will enhance trust, compliance, and user confidence in their digital offerings.

Q

Qwist GmbH

qwist.com

63

Qwist GmbH is a leading open finance platform operating primarily in the DACH and Iberian markets, offering a comprehensive suite of B2B2X financial technology products. Their key offerings include digital account and portfolio switching, open banking compliance solutions, financial data analytics, and digital lending integration. The company positions itself as the #1 open finance company in its region, serving major banks and financial institutions with a strong investor backing from Finch Capital and Finleap. Technically, the website is built on WordPress with the Divi theme and leverages modern marketing and analytics tools such as HubSpot, Matomo, and SalesLoft. The site employs GDPR-compliant cookie consent via Cookiebot and maintains a valid SSL certificate, although some security enhancements like HSTS and DNSSEC are absent. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, Qwist demonstrates solid foundational practices including SPF and DMARC email protections and encrypted communications. However, the absence of advanced DNS security measures and a public security or incident response policy suggests room for improvement. No critical vulnerabilities were detected in the current analysis. Overall, Qwist presents a professional and trustworthy digital presence aligned with its market leadership in open finance. Strategic security enhancements and transparency in incident response would further strengthen its risk posture and customer confidence.

C

Corporate Digital Responsibility Award

cdr-award.digital

67

The Corporate Digital Responsibility Award website serves as a platform to recognize and promote outstanding corporate responsibility in digital transformation within the DACH region. It targets organizations committed to sustainable and ethical digital practices, offering awards, conferences, and networking opportunities. The site is well-branded, content-rich, and supported by reputable partners, positioning it as a leading initiative in its niche. Technically, the website is built on WordPress with common plugins such as Contact Form 7 and Borlabs Cookie for consent management. Despite good SEO practices including structured data and meta tags, the site suffers from performance issues with a high load time and large page size. Mobile optimization and accessibility are rated good, but the lack of a valid SSL certificate and modern TLS protocols significantly undermines the security posture. Security-wise, the absence of HTTPS and modern encryption protocols exposes users to risks, and no advanced security headers or incident response information are present. The site does implement SPF for email protection and shows no signs of subdomain takeover vulnerabilities. Overall, the security maturity is low, requiring urgent improvements to protect user data and enhance trust. Strategically, the site should prioritize securing its infrastructure with valid SSL certificates and modern protocols, enhance security headers, and provide clearer contact and incident response information. These steps will improve user trust, compliance with regulations, and overall resilience against cyber threats.

F

Fim Europe

fim-europe.com

60

Fim Europe is a prominent European motorcycling union serving as a governing body for motorcycling sports across Europe. The organization provides regulatory frameworks, organizes sporting events, and disseminates news and information to motorcycling enthusiasts and federations. Positioned as a leading entity in the transportation sports sector, Fim Europe targets motorcycling participants, federations, and stakeholders with a non-profit business model focused on sport governance and community engagement. The website reflects a medium-sized organization headquartered in Switzerland with additional offices in Italy. Technically, the website is built on WordPress with a mature technology stack including jQuery, Owl Carousel, and various WordPress plugins such as Yoast SEO and Contact Form 7. Hosting is provided by DreamHost. Performance is moderate with room for optimization, and mobile responsiveness is good. SEO practices are well implemented, and social media integration is robust. From a security perspective, the site has a valid SSL certificate but lacks modern TLS protocol support and security headers. No DNSSEC or CAA records are configured, which could improve domain security. Cookie consent mechanisms and privacy policies are in place and GDPR compliant. However, no explicit security policy or incident response information is found, and no vulnerability disclosure or security.txt file is present. Overall, Fim Europe’s website is professional and trustworthy with good content quality and user experience. Security posture is adequate but could benefit from enhancements in SSL configuration, security headers, and incident response transparency. Strategic improvements in these areas would strengthen trust and compliance, supporting the organization's reputation and operational resilience.

P

Pariplay Limited

pariplayltd.com

60

Pariplay Limited is a leading global iGaming aggregator and content provider operating under the parent company Aristocrat Interactive. The company offers a comprehensive aggregation platform (Fusion®), a publishing platform (Ignite®), and a bespoke game portfolio targeting regulated markets worldwide. Their market position is strong, supported by multiple regulated licenses and strategic partnerships with tier 1 operators. The website reflects a mature digital presence with a focus on user experience and compliance. Technically, the site is built on WordPress with the Divi theme, leveraging modern marketing and analytics tools such as Google Analytics, Google Tag Manager, and LinkedIn Insight Tag. Security measures include a valid SSL certificate, HSTS enforcement, and GDPR-compliant privacy and cookie policies. However, the SSL configuration lacks modern TLS protocol support, which is a notable gap. Overall, the company demonstrates a solid security posture with room for improvement in SSL protocols and additional security headers. The absence of a public vulnerability disclosure policy and terms of service are areas to address. Strategic recommendations include upgrading TLS protocols, publishing a security.txt file, and enhancing accessibility and security headers to strengthen trust and compliance.

I

INVIDI Technologies Corporation

invidi.com

62

INVIDI Technologies Corporation is a market leader in addressable TV advertising solutions, providing technology that enables household-level targeting to maximize advertising effectiveness and reduce waste. Their solutions serve advertisers, distributors, and programmers globally, leveraging set-top box data and other addressable-enabled devices. The company maintains a professional and content-rich website built on WordPress with a focus on clear messaging and user engagement. Technically, the site uses modern web technologies and integrates Google Tag Manager for analytics and CookieYes for cookie consent management. Security posture is solid with a valid SSL certificate and secure cookie settings; however, the lack of modern TLS protocols and missing security headers indicate room for improvement. Privacy and terms of service policies are present and comprehensive, supporting GDPR compliance. Overall, the website demonstrates a mature digital presence with good user experience and trust indicators.

V

Vodafone Stiftung Deutschland gGmbH

vodafone-stiftung.de

71

The website exhibits a generally strong technical security posture in areas such as email security, SSL/TLS configuration, and network security. However, there are significant compliance and governance gaps, particularly related to GDPR and the NIS2 directive, exposing the business to legal and regulatory risks in the EU. Critical issues include missing privacy measures for EU users and the absence of a structured information security framework, incident response, and business continuity planning. Medium-level technical issues like missing security headers, mixed content, and lack of DNSSEC further weaken the security posture. The lack of cookie policy and consent mechanisms also jeopardizes user trust and compliance. Overall, while foundational security controls are present, urgent attention is needed on data privacy, regulatory compliance, and formalizing security policies to mitigate risk and avoid potential fines or reputational damage. Addressing these gaps will enhance legal compliance, customer confidence, and resilience against cyber threats.

B

Bricz

bricz.com

64

The website demonstrates significant security and compliance gaps, particularly in foundational security headers and regulatory adherence, which expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Although no critical vulnerabilities were found, multiple high and medium risk issues related to missing security headers, incomplete GDPR compliance, and absence of essential NIS2 security frameworks indicate inadequate protection and governance. Email security and network security show relatively strong posture, but weaknesses in SSL/TLS management and DNS configuration could impact trust and data integrity. Immediate attention is needed to establish security policies, incident response capabilities, and enforce data protection measures to align with industry standards and regulations. The low scores in security headers, GDPR, and NIS2 compliance highlight urgent areas that require remediation to safeguard customer data, maintain regulatory compliance, and ensure business continuity. Overall, the website’s security posture is currently insufficient for high-risk operational environments and requires prioritized remediation to reduce exposure and improve stakeholder confidence.

The website demonstrates a generally strong security posture with no critical or high-risk issues detected. SSL/TLS and network security configurations are robust, scoring 100/100, ensuring encrypted communications and a solid network defense. However, there are medium-level concerns related to missing or misconfigured security headers, GDPR compliance, NIS2 readiness, and DNS security enhancements such as the lack of DNSSEC. Low-level issues in email security, including complex SPF records and absence of DMARC reporting, could affect email deliverability and phishing protection. Addressing these medium and low-level issues will reduce potential attack vectors, improve regulatory compliance, and enhance overall trustworthiness. Proactively resolving these gaps aligns with both security best practices and business continuity goals. This balanced approach will help protect brand reputation, customer data, and meet evolving regulatory requirements effectively.

U

USLI

bizresourcecenter.com

58

The website exhibits significant security weaknesses, particularly in foundational security controls such as HTTP security headers, email authentication, and compliance with GDPR and NIS2 regulations. Critical gaps like the absence of email authentication and incident response procedures expose the business to phishing risks and operational disruption. Missing key headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to man-in-the-middle attacks and cross-site scripting. Compliance-related issues, including lack of cookie policies and privacy measures, present legal and reputational risks. While network security and DNS health show relatively strong postures, the presence of weak SSL configurations and expiring certificates further degrade trustworthiness. Overall, these vulnerabilities could lead to data breaches, regulatory penalties, and loss of customer confidence. Immediate remediation focused on critical security controls and compliance frameworks is essential to safeguard business operations and reputation.

M

Monaco Planning

monacoklanten.nl

52

The website's security posture is currently weak, with significant gaps in foundational security controls and compliance measures. Critical and high-severity issues predominantly stem from missing essential HTTP security headers, absent GDPR compliance elements, and lack of formal information security frameworks aligned with NIS2 regulations. These deficiencies expose the business to data breaches, regulatory penalties, and reputational damage, especially given the critical GDPR non-compliance for an EU business. While network and DNS security show relatively better maturity, critical gaps remain such as exposed SSH services and missing DNSSEC. Email security is moderately sound but can be further improved. SSL/TLS configurations need urgent attention to avoid man-in-the-middle attacks and ensure secure communications. Addressing these issues promptly will strengthen defense against cyber threats and demonstrate due diligence to customers and regulators.

P

Phoenix Hotel Management Company

phoenixhmc.com

38

The website's overall security posture is critically weak, exposing the business to significant risks from data breaches, regulatory penalties, and operational disruptions. Key foundational controls such as HTTPS encryption, security headers, and incident response mechanisms are missing, leaving data vulnerable in transit and at rest. Compliance with GDPR and NIS2 regulations is severely lacking, increasing legal and financial exposure. Sensitive services like MySQL and PostgreSQL are openly accessible, creating high-risk attack vectors. Although email security and DNS health are relatively stronger, critical gaps in network and application security overshadow these strengths. Immediate remediation is essential to protect customer data, maintain trust, and ensure regulatory compliance. Without urgent action, the business faces potential data loss, reputational damage, and costly fines. Strengthening security controls will also support business continuity and resilience against cyber threats.

M

Manens S.p.A.

manens-tifs.it

48

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Key security headers that mitigate various web attacks are largely missing, increasing the risk of cross-site scripting, clickjacking, and content sniffing attacks. Compliance with GDPR and NIS2 regulations is significantly lacking, posing legal and reputational risks, particularly due to missing cookie consent mechanisms, insufficient privacy policies, and lack of incident response and security documentation. Although email security and network security are relatively strong, critical deficiencies in web security and regulatory compliance overshadow these strengths. The absence of an information security framework and business continuity planning further jeopardizes operational resilience. Immediate remediation is essential not only to protect sensitive data and privacy but also to maintain customer trust and avoid substantial regulatory penalties. Without prompt and focused improvements, the business faces heightened exposure to cyber threats and compliance violations.

E

Engineering Search Firm

esf.careers

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.

J

Johnson Controls

johnsoncontrols.com

68

The website demonstrates a moderate security posture with no critical vulnerabilities found; however, several high and medium-risk issues significantly impact compliance and risk management. Key deficiencies exist in GDPR compliance, including the absence of privacy and cookie policies and lack of user consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 guidance further increases organizational risk and may hinder regulatory adherence. Security headers are inconsistently implemented, reducing protection against common web threats like XSS and content sniffing. SSL/TLS configurations are generally strong but require timely certificate renewal and elimination of mixed content to maintain secure communications. DNS settings are mostly healthy but can be improved by enabling DNSSEC to prevent domain spoofing. Positively, email and network security postures are robust, mitigating some external attack vectors. Overall, urgent attention to compliance and governance-related controls is critical to safeguard the business and maintain trust with users and regulators.

B

BondTM

bondtm.com

46

The website bondtm.com currently exhibits a critically weak security posture, primarily due to the complete lack of HTTPS encryption and missing essential security headers, exposing it to data interception, clickjacking, and other web-based attacks. Additionally, significant compliance gaps with GDPR and NIS2 regulations pose substantial legal and operational risks to the business. Immediate action is required to secure the site, protect user data, and align with regulatory requirements.

A

AMI

ami.com

55

The website ami.com currently has a critically poor security posture, primarily due to the absence of HTTPS encryption and significant GDPR and NIS2 compliance gaps. This exposes the business to severe legal, reputational, and operational risks, including data breaches and regulatory penalties. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain customer trust.

B

Bouygues Telecom Business C2S

c2s.fr

50

The website's security posture is currently inadequate, with critical vulnerabilities severely undermining trust and compliance. The absence of HTTPS encryption is a critical flaw, exposing data in transit to interception and violating GDPR and NIS2 regulations, which poses substantial legal and reputational risks. Key GDPR compliance failures, including missing privacy and cookie policies and lack of a cookie consent banner, further expose the business to regulatory penalties and customer distrust. The lack of documented information security frameworks, incident response procedures, and security policies indicates poor organizational security maturity, increasing risk of prolonged breaches and operational disruptions. While network security and email security show strengths, foundational issues like missing secure headers and DNS best practices need attention. Immediate remediation of critical and high severity issues is essential to protect sensitive data, maintain customer trust, and avoid costly compliance fines. Overall, the business must prioritize establishing secure communication, regulatory compliance measures, and formal security governance to improve its security posture reliably.

M

mim | interiors

miminteriors.com

64

The website miminteriors.com currently exhibits a weak security posture with multiple high and medium risk issues, particularly in web security headers, GDPR compliance, and organizational security policies. While network security and SSL/TLS configurations are relatively strong, the absence of key security controls and privacy policies exposes the business to legal, reputational, and operational risks.

I

International Business Center Monaco (IBC)

ibcmonaco.com

59

The website https://ibcmonaco.com exhibits significant security gaps with a predominantly weak security posture, especially in security headers, GDPR compliance, and NIS2 framework adherence. While network security and DNS health show relative strength, critical issues like missing essential security headers, lack of incident response policies, and expiring SSL certificates pose substantial business and regulatory risks. Immediate remediation is necessary to protect customer data, maintain trust, and comply with regulatory requirements.

The website https://www.e-radio.lv/ currently exhibits a poor security posture with critical gaps in fundamental web security headers, GDPR compliance, and incident response preparedness. These deficiencies expose the business to legal risks, data breaches, and reputational damage, especially given its EU jurisdiction. Immediate remediation is essential to protect customer trust and ensure regulatory compliance.

The website wonderfulwv.com currently exhibits a weak security posture with critical gaps in fundamental web security headers, GDPR compliance, and incident response preparedness, exposing the business to regulatory, reputational, and operational risks. Despite a strong network security foundation, significant improvements are needed across email authentication, SSL/TLS configuration, and security governance to safeguard customer data and maintain trust.