Websites are playing a critical role for the candidates in the 2016 U.S. presidential primary season. These sites are used to encourage voters and educate people about the candidates' platforms, but even these candidates are susceptible to hacks and security problems that can affect their campaigns or their image.
Each presidential candidate has a website, but which tops the charts in terms of the most secure site? Alex Heid, chief research officer at SecurityScorecard, a service that rates the security of an organization, decided to do some research.
He found that many candidates are making use of CloudFlare, a common distributed denial-of-service (DDoS) mitigation platform that works as a Web application firewall. There might be other protections in place, but CloudFlare is readily observable through the routed IP addresses, said Heid.
In his research, he found that Republican candidate Donald Trump’s website ranks at the top in terms of security, with Democratic frontrunner Hillary Clinton lagging behind. Heid’s analysis also looked at the campaign websites of Ted Cruz, John Kasich and Bernie Sanders.
His SecurityScorecard analysis of the presidential candidates’ websites did not involve any invasive penetration testing. Instead, it was based on passive analysis. He was able to get information by looking at the IP addresses and by viewing the source code of the given website.
“By using Google, we were able to determine which sites were the official political campaign websites,” said Heid. “The technique of ‘Google Dorking’ was also used to attempt to identify technologies the website used. Google Dorking is slang for advanced search queries that drill down on search results to very specific items.”
Heid also found that sites that belong to the Cruz, Sanders and Trump campaigns all use DDoS and Web application firewall (WAF) protection from CloudFlare. The Clinton and Kasich websites both are hosted on Amazon Web Services, and neither had DDoS/WAF protection in place, according to Heid’s analysis.