How good is your web site security?

(Update August 28, 2018: I am delighted to report that the firm mentioned below, that had had a “C” rating for their web site security, has today corrected the problem and now has an “A” rating.)

There are many ways that a web site could be insecure.  One of the ways is to implement SSL (“https://”) poorly.  It turns out to be quite easy to find out whether your SSL implementation is strong or weak.  You simply plug your web address into the SSL tester provided by Qualys.  Maybe your web site will get an A+ rating!  Here are how some well-known intellectual property law firm web sites performed in this SSL test.

My starting point was the 2017 US Design Patent Tote Board which ranks firms by the number of US design patents obtained in 2017.  Each firm has a web site, of course, and I plugged each web site into the SSL tester.  (In this table of results I have omitted the names of the firms, but you could do the tests yourself and you could pretty quickly figure out which firm got which rating.)  Here are the results for the first few firms:

overall PFS HSTS CAA CA notes
A yes no no Let’s Encrypt
C some yes no Let’s Encrypt vulnerable to Poodle attack
A yes no no Let’s Encrypt
A yes no no RapidSSL
A+ yes yes no Let’s Encrypt

As will be seen, one of the firms has a web site that got an overall rating of “C” and is vulnerable to a Poodle attack.  One firm got an A+ rating.  The others got A ratings.  I was interested to see that only one of the firms still pays money for its SSL certificate — four of the firms have migrated to the free-of-charge Let’s Encrypt service.  All of the firms tested have PFS (Perfect Forward Secrecy), but only two have HSTS turned on.  Not one of the firms has set up CAA protection.

How are patent office web sites doing?  I tested some of them just now and here are the results.

How does your firm’s web site rate on the SSL test?  (This blog gets an A+, as does my firm’s main web site and my firm’s shopping cart system.)  Post your good result in a comment below!

2 thoughts on “How good is your web site security?

  1. Pingback: SSL security ratings for some patent office web sites - Ant-like Persistence

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.