A safe internet for everyone

How secure is your government?

Your government has countless websites and online services. Sensitive, personal information is transmitted over the internet, but how well is it protected? Is there privacy?

Web Security Map makes this visible. Its results stimulates your government to better protect their citizens online.

Find out how well your government is doing, run Web Security Map, or check out the case study.



About us

Monitor your government! is an initiative of the Internet Cleanup Foundation . Our mission is to make the internet secure and safe. We develop open source software to do so.

Web Security Map uses transparency to set tangible and clear goals for improvement. Its impact in The Netherlands was stunning.

The SIDN Fund granted us the ability to advance Web Security Map to make an impact globally.

Create a safe internet, run Web Security Map!

Map displaying basic security of the Netherlands at the beginning of 2019
Web Security Map of the Netherlands, 2019

Impact in the Netherlands

The Netherlands got a lot safer!

The Netherlands is a small country in Europe. In it live 17 million people. The country has a proud internet culture. This was the ideal location to start making the change.

We developed and deployed Web Security Map here. We tested it on municipalities. Municipalities in the Netherlands manage a lot of sensitive data: who lives here, welfare programs, marriage, childcare and more.

Fully automatically, Web Security Map discovered well over 7000 web addresses. Each of these have been monitored for basic security: the simplest and trivial security needed to provide secure internet services.

The resulting map was red. Nobody did it right. But that changed. When released many municipalities started improving. And so many issues were fixed that some even did it right 100% of the time.

The impact in the Netherlands was massive, and measurable! It changed the way IT departments work, it changed budgets, it improved focus! Thousands of vulnerabilities where fixed, making the internet safer: including removal of old and costly infrastructure, saving money in the process.

Now it's time to spread this impact over the world. All the tooling is freely available and open source. You can create transparency in your part of the world, and drive the change.

Get started! Watch the installation video!


 

Municipalities in the Netherlands, 2017, week 45.
The Netherlands, 2017, week 45
Municipalities in the Netherlands, 2018, week 9.
The Netherlands, 2018, week 9

 
Municipalities in the Netherlands, 2018, week 15.
The Netherlands, 2018, week 15
Municipalities in the Netherlands, 2018, week 20.
The Netherlands, 2018, week 20
Watch the live example of The Netherlands

Example measurement: DNSSEC

Below video shows the adoption of DNSSEC at municipalities in the Netherlands in 2018.

See the changes in the Netherlands in 2018. You will notice a lot less red areas. The large red spot at the end is an address that is shared over many municipalities. This counts as a single issue.

 

 

Missing DNSSEC dropped from 80 to 18 instances.
Missing DNSSEC dropped from 80 to 18 instances.

Use Cases

Suitable for your organization

Web Security Map is free and open source. It can be used by anyone, anywhere.

Yet, we suspect the four types of organizations below will benefit the most.

 

For Governments

Yearly your government creates large amounts of new online services. Being in control is an enormous challenge. Web Security Map eases this to a large extent by creating insight into large amounts of data.

  • Be in control over huge amounts of datapoints
  • Perform comply or explain privately or publicly
  • Replace homebrew solutions with software that scales
  • Professional support available on top of free training
  • Fully open source, supporting open data

 

Example numbers of Dutch Municipalities

 

Each monitored aspect can be configured and filtered.
Each monitored aspect can be configured and filtered.

For Compliance Agencies

The IT landscape is continuously changing. New security requirements come from legislation and improved standards.

  • See how your campaigns influence the world
  • Automatic discovery and removal of URLs
  • Perform continuous baseline audits
  • Full screen dashboarding with daily to hourly updates
  • Historical graphs and insight in progression

For Digitial Rights Organizations

Create a safe and better internet. Use transparency to drive the change.

  • Publicize results that are easy to understand
  • Create tangible actions, drive the change
  • New opportunities for press releases and PR
  • Fully open source, with open data
  • Publicize the impact of auditors and regulations
  • Create transparency where there was none

 

See the amount of issues change over time.
See the amount of issues change over time.

 

Get up to date data sets with resolving urls
Get up to date data sets with resolving urls.

For Security Researchers

Need an updated set of URLs for a yearly test? Need to visualize the outward facing parameter?

  • Identify and visualize the outward facing perimiter
  • Quickly get an insight in basic security
  • Get reports for thousands of urls
  • Create high quality datasets for use in other tools

Find out today!

With just a few commands, you have your Web Security Map installation running. Video examples are provided for each step of the process. You can have your installation up and running in no time.

Web Security Map makes it very easy to monitor regions around the world. Data is imported from Open Street Maps and Wikidata. With a few simple steps you can start to publish new results.

Web Security Map can also monitor any other groups of organizations. You can decide which ones using the spreadsheet import.

Get started! Watch the installation video!


Great documentation and features

We provide a number of training videos and other documentation to get you started. Web Security Map can monitor a lot and is a very powerful tool.

The Internet Cleanup Foundation, as well as volunteers on the project can help you make sure that you are up and running swiftly.

Show me all the features!


What is basic security?

About Basic security

Web Security Map monitors a variety of modern security standards. These are the minimum for operating an internet service securely. Many of these are already required for many organizations.

For example: when visiting a website, a secure (HTTPS) connection is needed. This connection guarantees that you're seeing the site as the authors intended. This connection also guarantees that you and the website have privacy for everything that is transferred between you and the site.

While these standards are well-known and mandated, it's often shocking to see how little they are used. Even with the hundreds of thousands of security audits happening daily, we still have a long road ahead of us. Web Security Map helps to create transparency, transforming security in a tangible action.

Scope and balance

Web Security Map is created to only improve security. Transparency is a very powerful tool. We carefully chose what Web Security Map can open up to the world. That's why it centers itself around basic security.

Basic security centers itself around a limited set of security options. These options are designed to improve privacy and security. Visitors of services should be able to use these options by default, without compromise and without knowledge or configuration.

Security issues outside of the realm of basic security are dangerous. They are the stuff you read about in the papers: data breaches, site hijacks and so on. Would this be published, the internet becomes a more dangerous place. That's why Web Security Map explicitly does not monitor and publish these.

Monitored

On the roadmap

Never monitored

Feature highlights

Map displaying basic security of the Netherlands at the beginning of 2019
Web Security Map of the Netherlands, 2019

Extensive Map View

Create maximum impact: one map says it all.

  • Clearly communicate about basic security
  • Display regions and locations.
  • Display multiple layers
  • Search and filter everything
  • Auto import regions using Open Street Map
  • View historic results per week and see improvement
Map view: trivial to understand and to easy communicate.
Map view: trivial to understand and to easy communicate.
Multiple countries and regions.
It's possible to show multiple countries and layers.
Filtering on the map view for specific issues
Filtering on the map view for specific issues
Full screen display mode.
Full screen display mode.

Reports and open data

Web Security Map publishes almost all it knows. This results in a large amount of data that can be consumed by others.

  • Extensive reports per finding
  • Frequent automatic updates of all scan results
  • Easy overview table per issue per internet address
  • View changes made in the last seven days
  • Statistics and graphs over time for everything
  • Open data sets, usable for further research

Statistics, including graphs, bars and more.
Reports with lots of details, second opinion and interaction.
Reports with lots of details, second opinion and interaction.
RSS Feeds on all changes, and for each organization.
RSS Feeds on all changes, and for each organization.
Data set downloads, for other systems and developers.
Data set downloads, for other systems and developers.
Example report for a single internet address.
Example report for a single internet address.

Administration

See everything that is happening.

  • Easily import countries and datasets
  • Large set of configuration options
  • Smart crawling of new domain names
  • Insight in all data in the admin interface

Installation & Updates

Simple tools to install and update

  • One command installation on a fresh server
  • Tooling to create a production ready server
  • One command upgrading of server and / or Web Security Map
  • Written using trusted technology: Python, Django, HTML, Javascript and CSS
Comprehensive management interface
Comprehensive management interface
Automatic import of regions using Open Street Maps.
Automatic import of regions using Open Street Maps.
Multi language support (Example interface in Dutch).
Multi language support
White labeled, give the map your own name.
White labeled, give the map and site your own name.

Installation & Training videos

How To - Installation

IMPORTANT: We improve the installation experience over time. Always check the latest installation instructions, here.

Up to date installation instructions are listed on this page, here. This video shows how to install Web Security Map on a virtual machine. This is done with a single command on a clean and dedicated machine.

  • 00:05 Intro / Context
  • 00:14 Where to find the installation instructions
  • 01:20 Starting the installation
  • 02:16 Waiting for installation
  • 02:40 Verification of installation
  • 03:41 Creation of an admin user
  • 04:30 Closing

 

Video showing the installation and maintenance process of Web Security Map

How To - Import Countries

This video shows how to import countries to the map. It shows how to create an administrative region (if it doesn't exist yet) and import data from Open Street Maps. It will then guide how to display the new country to your visitors and how to allow scans to happen. Once you get the gist of it, you'll be able to add another country in seconds.

  • 00:14 Administrative Regions & Map Configurations
  • 01:05 Showing administrative regions
  • 01:44 Adding a new administrative region (when needed)
  • 05:10 Actually importing an administrative region
  • 06:09 What happens behind the scenes while importing
  • 07:40 Updating existing administrative regions
  • 08:16 Map configurations (menu items)
  • 09:17 Showing the imported region on the map
  • 10:27 How to allow scanning on the new country
  • 11:04 End

 

Video showing how to import countries and regions into Web Security Map

Exploring the admin interface

This is a tour of the Web Security Map admin interface. It shows how this interface works in general and what data is stored. This can help you administer the data in Web Security Map and get a deeper understanding of its inner workings. With the knowledge presented in this video you can explore all data in Web Security Map yourself.

  • 00:12 Intro / Context
  • 00:25 Location of the admin interface, logging in
  • 01:05 The admin home page
  • 04:20 Applications in Web Security Map
  • 07:17 Browsing, Searching, Filtering
  • 08:51 Exporting and Importing
  • 10:19 List of organizations, actions and deleting
  • 12:46 Editing
  • 14:00 Closing

 

Video exploring the admin interface of Web Security Map

Configuration options

Configuration options allow you to display all kinds of interesting stuff on the website, as well as use external services to improve the Web Security Map experience, and to enable or disable scanners. The video is extensive and show exactly how each setting affects the working of your Web Security Map installation.

  • 00:12 Intro / Context
  • 00:26 Location of configuration options
  • 01:11 General Settings (comment, address, notification)
  • 03:26 Using external services (MapBox, OSM, etc)
  • 06:17 Project information (How you brand Web Security Map)
  • 07:43 Contact information (How visitors can reach you)
  • 08:28 Chat option (chat box on the site for support)
  • 09:12 Comply or Explain (Enabling, impact on the site)
  • 11:55 Enabling / Hiding features
  • 16:38 Discovery of URLs, endpoints and scanning
  • 18:05 Configuration per scanner (Scan, Report, Show)
  • 18:52 Fair / Stand options (News Ticker)
  • 20:18 Developer + Beta configuration
  • 20:46 Closing

 

Video showing configuration options for Web Security Map

Add organizations using Data sets

This video shows how to add large numbers of organizations to the map. This is done by uploading a spreadsheet. The spreadsheet is downloaded and edited. When uploaded the organizations are added to the database. A report is created and a new layer is configured to show the new organizations on the map.

  • 00:23 Demo of 1000+ organizations (entire Dutch government)
  • 01:20 Creating a Data set
  • 02:11 Example spreadsheets
  • 03:35 Setting the rest of the Data set options
  • 03:59 Setting up a Google Maps API key
  • 04:30 Importing and a peek behind the curtains
  • 04:50 Looking at the imported data
  • 05:12 Creating a Map Configuration to show the new data
  • 06:20 Creating a report and seeing the new data on the map
  • 07:13 End

 

Video showing how to add large numbers of organizations into Web Security Map

Support

Professional support

Stuck? No problem. We're ready to get you on track.

The Internet Cleanup Foundation provides both free and paid support. Our mission is to make the internet secure and safe. This should be easy for everyone!

Only want to focus on the data, the results and communication? We can help you with deployment and maintenance.

Contact support!

Chat Support is available at the bottom of the page or at:
https://gitter.im/internet-cleanup-foundation/Lobby

Development platform

Web Security Map is open source software. Our home is at Gitlab .

You are very much welcome to contribute to this project.

Gitlab homepage Issue tracker

Documentation

Are our training videos not enough for you? Our online documentation covers topics like installation, maintenance, upgrading and features.

Deployment docs Web Security Map docs
Web Security Map Logo

Monitor your government! is an initiative of the Internet Cleanup Foundation . Our mission is to make the internet secure and safe. We develop open source software to do so. Start monitoring your government today!

This project is supported with a grant from the SIDN Fund .