    Rating the Security of the 2016 Presidential Candidates’ Websites

    By Sean Michael Kerner - March 27, 2016

      As the spectacle that is the 2016 U.S. presidential primary season continues to unfold, candidates from all sides of the political spectrum are united in their widespread use of their own Websites to educate voters. Although all the candidates have Websites, not all are equal from a security perspective.

      So who among the remaining crop of candidates has the most secure site?

      Alex Heid, chief research officer at SecurityScorecard, has an answer. According to Heid’s research, Republican front runner Donald Trump’s Website ranks tops in terms of security while Democratic front runner Hillary Clinton’s leaves much to be desired. Heid’s analysis looked at the Trump, Cruz, Clinton, Sanders and Kasich campaign Websites.

      SecurityScorecard develops and sells a service that can rate the security of an organization, as measured by a number of external-facing attributes. In February, the company launched a new capability that provides visibility into the security of third-party suppliers. The risk for many organizations isn’t always in their own infrastructure, but rather in the shared components that are pulled in from third-party suppliers.

      Heid emphasized that the SecurityScorecard analysis of the presidential candidates’ Websites did not involve any invasive penetration testing but, rather, is based on passive analysis.

      “With the political Websites, we’re able to get information just by looking at the IP addresses and by viewing the source code of the given Website,” Heid told eWEEK.

      Many modern Web browsers still enable any user to simply click “view source” to see the source code for a given site. By looking at that code, it’s possible to determine what content management system (CMS) and what plug-ins are in use.
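      A site owner can run the same kind of check against their own pages to see what the markup discloses. The following is an added example, not code from the article or from SecurityScorecard; it assumes the standard WordPress asset paths (`/wp-content/themes/`, `/wp-content/plugins/`) and the `generator` meta tag, and the sample page source and the names in it are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed sample page source (not taken from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.4.2">
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.0">
<script src="/wp-content/plugins/example-forms/js/form.js?ver=2.3"></script>
<script src="/wp-content/plugins/example-slider/slider.js"></script>
</head><body><a href="/wp-login.php">Log in</a></body></html>"""

# First path segment after the theme/plugin directory is the component name.
THEME_RE = re.compile(r"/wp-content/themes/([^/?\"']+)")
PLUGIN_RE = re.compile(r"/wp-content/plugins/([^/?\"']+)")


class DisclosureAudit(HTMLParser):
    """Collects what a page's own markup reveals about its CMS stack."""

    def __init__(self):
        super().__init__()
        self.generator = None
        self.themes, self.plugins, self.admin_links = set(), set(), set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <meta name="generator"> names the CMS and often its version.
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        # Asset URLs reveal the theme and plug-ins; links may reveal the admin page.
        for url in (a.get("href"), a.get("src")):
            if not url:
                continue
            self.themes.update(THEME_RE.findall(url))
            self.plugins.update(PLUGIN_RE.findall(url))
            if "wp-login.php" in url or "/wp-admin" in url:
                self.admin_links.add(url)


def audit(html):
    """Return the CMS details disclosed by one page of HTML source."""
    p = DisclosureAudit()
    p.feed(html)
    return {"generator": p.generator, "themes": sorted(p.themes),
            "plugins": sorted(p.plugins), "admin_links": sorted(p.admin_links)}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

      Each non-empty field is something an outside observer can read without touching the server: a candidate for removal (the generator tag), for access restriction (the login page), or for a patch-tracking list (theme and plug-in names).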

      “We’re simply analyzing what is beaconing out—what anyone that knows where to look can find out about a Website,” Heid said.

      Heid’s analysis showed some interesting commonality across the presidential candidate Websites. Sites that belong to the Trump, Cruz and Sanders campaigns all use distributed denial-of-service (DDoS) and Web application firewall (WAF) protection from security vendor CloudFlare. The Kasich (johnkasich.com) and Clinton Websites both are hosted on Amazon Web Services, and neither had DDoS/WAF protection service in place.

      The Trump Website uses a content management system, which the SecurityScorecard analysis showed was properly configured, without an exposed administration panel. Trump also uses PayPal’s Braintree payment processing system as well as the Republican party’s VictoryParty.com payment processor.

      “I don’t want to say there were no misconfigurations on donaldjtrump.com; it’s just that everything seems to be good to go from the outside,” Heid said.

      In recent weeks, hacktivist group Anonymous has publicly declared war on the Trump campaign, though, to date, the war hasn’t brought down the Trump Website. Heid noted that there have been DDoS attacks against the Trump Hotels Website, but the main Trump campaign Website has yet to experience any measurable downtime. Heid credits Trump’s use of CloudFlare for the Website’s ability to withstand potential attacks from Anonymous.

      “If you went to the donaldjtrump.com site over the last week or so, as Anonymous kicked off its attacks, there was some lag time, but the site has remained up,” Heid said.

      Ranked No. 2, behind Trump, for presidential Website security is tedcruz.org. The Cruz campaign Website, like the Trump site, uses CloudFlare for DDoS and WAF protection. Instead of using Drupal, the Cruz campaign makes use of the open-source WordPress content management system. While Trump’s Drupal site hides its administrative interface, the Cruz Website has left its administrative portal somewhat exposed, which could represent a potential risk. It’s also easy to determine the specific WordPress template theme, Kleo, that Cruz is using.

      “So, for an attacker, it’s just a matter of waiting for a vulnerability to come along,” Heid said.

      On the Democratic side, Heid ranks the berniesanders.com campaign Website ahead of the hillaryclinton.com site, though both are behind the Trump and Cruz sites in terms of overall security. Sanders uses CloudFlare security and the WordPress CMS. As was the case with Cruz, the Sanders site had not properly hidden its administrative page.

      The Clinton Website, unlike those built by Cruz or Sanders, does not use an open-source CMS, but rather, it is custom built. The fact that Clinton isn’t using an open-source platform doesn’t necessarily make her site less secure, but it does raise some concerns.

      “If the open-source CMS is configured properly and hardened, the only way you’ll get hit is by a really potent zero-day,” Heid said. “With a custom site, there are way more moving parts that need to be double-checked.”

      With a commodity CMS, such as the open-source Drupal and WordPress applications, large communities of people are constantly looking for security issues and making it better, Heid said.

      “With a custom CMS, you’re just hoping that the developers have crossed all the t’s and dotted all the i’s.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
