Black Kite
Cyber Risk Assessment LOADING... PLEASE WAIT
All rights reserved. © 2025 Black Kite, Inc.
X
Cyber Risk Scorecard Logo
Intapp
Cyber Risk Scorecard
Rating: Excellent
Export As Pdf
A
Safeguard
A
Privacy
A
Resiliency
A
Reputation

How to read this report?
This report evaluates the security posture for 4 main groups namely Safeguard, Privacy, Resiliency & Reputation and 20 unique categories. This data is compiled into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks. Each category has summary or top riskiest assets and technical details along with mitigation, compliance, standards & regulation details can be found at the bottom of each category and the Knowledge Base.



Safeguard
Privacy
Resiliency
Reputation
i
Digital Footprint
A
Patch Management
B
Application Security
A
CDN Security
B
Website Security
B
SSL/TLS Strength
A
Credential Mgmt.
A
Hacktivist Shares
A
Social Network
C
Information Disclosure
A
Attack Surface
A
DNS Health
A
Email Security
A
DDoS Resiliency
A
Network Security
A
Brand Monitoring
A
IP Reputation
A
Fraudulent Apps
A
Fraudulent Domains
A
Web Ranking

The Methodology
Cyber Risk Scorecard uses Open Source Intelligence services to collect, analyze and report security related events and findings. Security companies and hackers are always scanning publicly accessible networks and share their data on the internet. This commonly referred to as Open-Source Intelligence (OSINT).

Following mindmap shows how hackers can leverage their attack vectors by using OSINT services like hacker forums, social networks, Google, leaked database dumps, paste sites or even legitimite security services like VirusTotal, Censys, Cymon, Google Safe Browsing etc.

Cyber Risk Score Map

Black Kite Cyber Risk Scorecard is a service that reports your business’s public access methods for possible security risks, such as known but unpatched vulnerabilities or open network ports. Black Kite also scans social media, darkweb forums, and other sources of information leaks, looking for information about your company such as compromised passwords, emails, or network structure details, as well as other attack methods such as fake websites or programs masquerading as legitimate sites or products of your business.

This data is compiled by Black Kite into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks. Black Kite does all of this without scanning or modifying any of the company’s business assets.

Black Kite uses what is called open-source intelligence (OSINT) to gather information. Both hackers and legitimate security companies are continually publishing to, and scanning, social media websites and networks for information on vulnerabilities. The following map shows how hackers can leverage their attack vectors by using OSINT resources like hacker forums, social networks, Google, leaked database dumps, paste sites or even legitimate security services like VirusTotal, Censys, Cymon, Shodan or Google Safe Browsing. Black Kite’s Passive Scorecard assesses an organization in these areas using the techniques described above.

To generate the scorecard, Black Kite needs only the company domain. The asset discovery engine collects the related information from VirusTotal, PassiveTotal, web search engines and other Internet wide scanners. Black Kite has one of the largest IP & Domain Whois databases which holds more than 1 billion historic items. The asset discovery engine searches the database in order to find all IP address ranges and domain names that belong to the company. The result of the asset discovery engine is the company assets, which is used as the input for passive vulnerability scanner, configuration scanner, threat intelligence agent and reputation engine.

Results from the public-facing assets
Digital Footprint
# of items
i
 1834
Digital Footprint is determined by open ports, services and application banners. This information is gathered from Black Kite Crawlers, Censys, Shodan, VirusTotal, Alexa etc..
SSL/TLS Strength
Score # of findings
B
2864
SSL/TLS configurations and vulnerabilities are provided by several third-party online services. The results come from various online SSL grading services like Qualys SSL Labs scanner, HTBridge, Mozilla Website Observatory etc.
Attack Surface
Score # of findings
A
50
Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength, and any misconfigurations. This information is gathered from Censys and Shodan databases and service/application versions are correlated with other subcategories' results.
Patch Management
Score # of findings
A
5
Company asset system versions are collected from internet-wide scanners like Censys, Shodan, Zoomeye etc. These version numbers are converted into the corresponding common platform enumeration number (CPE-ID) and are correlated with NIST NVD and MITRE CVSS databases to detect and approximate any unmitigated known vulnerabilities.
DNS Health
Score # of findings
A
5
The DNS Health report is generated from 40+ control items which are collected from online services like IntoDNS, Robtex, Netcraft, and HackerTarget. Since DNS queries are recursive, it is almost impossible to detect a hacker’s footprints from the DNS servers.
Application Security
Score # of findings
B
194
The contents of each web application are collected from various internet-wide scanners and are analyzed for application level weaknesses i.e. Cross Site Request Forgery, Cross Content Mixing, Plain Text Transmission of Sensitive Information etc. The results are also correlated with MITRE CWE database to detect the severity level of each finding.
Email Security
Score # of findings
A
2
Potential email servers and SMTP misconfigurations like open relay, unauthenticated logins, restricted relay, and SMTP 'Verify' vulnerabilities are collected from the online services like MxToolbox and eMailSecurityGrader.
Website Security
Score # of findings
B
1
This is a special analysis of the company’s main website(s). The findings are collected from the SSL/TLS Strength, Patch Management, Application Security, Web Ranking and Brand Monitoring sub-categories.
Network Security
Score # of findings
A
5
This section analyzes network level problems and detects any open critical ports, unprotected network devices, misconfigured firewalls, and service endpoints on public-facing assets.

Results from cyber (hacker sites, social media, etc.)
Brand Monitoring
Score # of findings
A
1
Brand monitoring is a business analytics process concerned with monitoring various channels on the web or other media to gain insight about the company, brand, and anything explicitly connected to the company in cyberspace.
Credential Mgmt.
Score # of findings
A
0
There are 5+ billion hacked emails and passwords available on the internet and underground forums. This section shows the leaked or hacked emails and passwords that were discovered. * Only the findings that have upper than low severity levels are shown.
IP Reputation
Score # of findings
A
5
The asset reputation score is based on the number of IPs or domains are blacklisted or that are used for sophisticated APT attacks. The reputation feeds are collected from VirusTotal, Cymon, Firehol, BlackList DNS servers, etc.
Hacktivist Shares
Score # of findings
A
0
Hackers publicize their targets in underground forums or on the darkweb. Black Kite collects information from hundreds of darkweb forums, criminal sites, and hacktivist sites and filters the results for information pertaining to the company.
Fraudulent Apps
Score # of findings
A
49
Fraudulent or pirate mobile or desktop applications are used to hack or phish employee or customer data. Possible fraudulent or pirate mobile or desktop apps on Google Play, App Store and pirate app stores are provided.
CDN Security
Score # of findings
A
6
A content delivery network (CDN) is a large distributed system of servers deployed in multiple data centers across the Internet. Companies use CDNs for online libraries like JQuery. This section analyzes the CDN content to detect possible vulnerabilities.
Social Network
Score # of findings
A
16
Hackers publicize their targets or victims on social network sites to motivate other hackers to attack the same target. The results are filtered from billions of pieces of social media content.
DDoS Resiliency
Score # of findings
A
6
This section shows the result of 15 different potential DDoS checks and detects any potential DrDoS amplification endpoints. The data is collected from non-intrusive scanners and other internet-wide scanners.
Fraudulent Domains
Score # of findings
A
133
Fraudulent domains and subdomains are extracted from the domain registration database. The registered domains database holds more than 300M records.
Information Disclosure
Score # of findings
C
32
Misconfigured services or other public assets may disclose local IPs, email addresses, version numbers, whois privacy records, and other sensitive information to the internet.
Web Ranking
Score # of findings
A
1
Cisco, Alexa, and Majestic track web sites and rank them according to popularity, back-links, references, etc. This subcategory shows Alexa and Majestic trends, Google Page insight speed test results as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.
Compliance
# of Regulations
i
 24
Cybersecurity standards and regulations provide policy frameworks of computer security guidance for private and public-sector organizations. They provide a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes. Major regulations within this section include NIST 800-53, GDPR, ISO 27001, PCI-DSS, HIPAA, COBIT.

Scroll to top
Black Kite Confidential & Proprietary
All rights reserved. © 2025 Black Kite TM, Inc.