Serviceteam IT Security News

The UK public sector has a huge digital estate to manage, and it isn’t easy. Many of you with responsibilities in this area have told us that you’d really like help with keeping on top of all your services and staying protected against common problems with the websites you manage. We listened. We did the research. 

And so now we’d like to introduce you to Web Check — a free to use website configuration and vulnerability scanning service, available to all UK public sector organisations.

We’ve built up steadily during development and tested with users across government. So already, Web Check is robust and it:

  • services over 300 users with a ‘quiet’* package of scans
  • scans more than 1,200 government sites every day
  • has delivered more than 2,900 findings to our users
     

*The ‘quiet’ package makes fewer connections to a server than an average web user visiting a single page.

We are also constantly expanding the range of vulnerabilities and misconfigurations that Web Check can check for and report on.


“Web Check came about by listening to the experiences of local government with automated vulnerability scanning tools. We see Web Check helping system owners find and fix common issues; letting them focus on trickier issues that only people can find.”

Chief Technology Officer, NCSC Digital Government


Who can use it

Web Check is now live and currently available to those who manage websites for UK public sector bodies including:

  • local government
  • emergency services — Police, Fire and Rescue Services, NHS Ambulance Services, HM Coastguard
  • central government
  • the National Health Service
  • devolved administrations
  • Crown dependencies
  • British overseas territories

Of these, we think that local government and emergency services are particularly likely to benefit from using Web Check.

We will also look at opportunities to extend the service to the private sector in future.

What it does

First you create your own ‘watch list’ of website URLs you manage. Then Web Check runs a non-intrusive scan and reports its findings to you. You can share your URLs and findings with colleagues and annotate findings for future reference.

Scanning

Web Check scans the URLs on your watch list and checks on whether or not your:

  • user data is protected both in transit and in the user’s web browser
  • website is well engineered and modern technologies are in use to protect it, such as HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP)
  • servers and their software are patched

Web Check does this on an ongoing basis, so it will inform you of new issues as they emerge and as new checks are added.

Reporting

Web Check reports to you, breaking down information about each website into several groups of findings:

  • positive — site configurations that conform to best practices
  • informational — configurations that you could optimise, or information that you may find useful
  • advisory — configuration problems that leave the site vulnerable
  • urgent — serious configuration problems that you should fix without delay
     
Focusing on your certificates

Data from our trial users suggest that most urgent findings arise in sites that have misconfigured or outdated certificates (the data files that allow secure connections from a web server to a web browser). These issues can lead to insecure transactions and error messages, both of which harm the relationship between citizens and the public service they are using.

We aim to do more in this area, so that Web Check can help you set up and manage your certificates better.


“We use Web Check on new and existing URLs to check for common vulnerabilities and to ensure we have set sites up in line with current recommended practice. It gives peace of mind to know we will get notifications from the service if any future issues occur. If you are considering using this free service I would thoroughly recommend signing up.”

Senior Project Manager, Local Authority


How to get started with Web Check

If you’re among those we mentioned under ‘Who can use it’, then go ahead and create an NCSC Signin account at www.webcheck.service.ncsc.gov.uk. You can request access from there.

Source: National Cyber Security Centre
