What does the SIWECOS Score mean?
The SIWECOS Score is merely an additional visualization of the security status of your website. The results that the individual scanners provide are considerably more important for the security status of your websites.
You are on the safe side as long as the score displayed for your websites is in green, regardless of whether the score is 85, 95, or 100. In this case, any missing points merely represent recommendations for optimal configuration.
If the SIWECOS Score for your website shows up in yellow, we recommend fixing the vulnerability, as it puts your website at a certain level of risk.
If the SIWECOS Score is displayed in red, then there is at least one significant security problem with your website. We strongly recommend you fix this vulnerability as soon as possible, because you may otherwise be defenseless against possible cyber attacks.
Further information on the individual scanners and the vulnerabilities they detect can be found along with recommended solutions and actions on our SIWECOS wiki at https://www.siwecos.de/wiki/Hauptseite
How is the SIWECOS Score calculated?
The SIWECOS Score for your website is calculated on the basis of over 100 different factors which are weighed differently according to the detected vulnerability and segments checked on your website. In addition, the 5 SIWECOS scanners provide their own results for their respective scan segments.
These partial results help you to find and fix the detected vulnerability in a targeted manner.
Why is my total score displayed in red even though 4/5 SIWECOS scanners display a result in green?
We deliberately calculate a low total score if a critical vulnerability is detected. In this way, we hope to prevent website operators from falling into a false sense of security if, for example, 37/39 scanners find no vulnerabilities.
If, for example, an exploit has been placed on your website, then your website is insecure even if every other scan is completed without the detection of any errors. Similarly, this also applies if, for example, the version of the content management system you use has a proven vulnerability. Equally, lack of encryption, or the existence of severe security gaps such as Heartbleed or DROWN will influence the total score.
Can I access a more detailed result for my score?
Please note that we are not able to provide you with a more detailed list of results for the calculated score. We hope to provide you with the best possible support towards solving any security problems with the results of the individual scanners and tests provided in the overview, and with the recommendations in our wiki. As mentioned earlier, the score is meant only as a visual indication of the results.
Feedback, notes, and comments
We are open to any feedback, notes, or comments on SIWECOS. This of course also includes our calculation of the SIWECOS Score or the weighting of individual scan and test firstname.lastname@example.org