Recently, one of my clients had a request to benchmark their application against CSA.
CSA refers to the Cyber Security Agency of Singapore, and the tool they developed is called the Internet Health Lookup Tool. It runs a collection of tests and gives a score between 0 and 100%, where 100% refers to full compliance.
I ran a scan for this website, and initially, I got a score of 79%. I had 2 major NCs:
- There is no DNSSEC enabled for calvin.my
- Nginx allows gzip compression
I decided to take this as a small challenge and see if I could close all the NCs. I then ran through the steps to enable DNSSEC signing, where I needed to generate the necessary certs with my DNS provider and then submit them to MYNIC. I also updated the Nginx config to turn off gzip compression.
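
One way to confirm that gzip is off in every Nginx context, not just at the top of the config, shown as an added example that is not part of the original post. The sample config, the `example.test` name and the function names are constructed for illustration; the parser does not follow `include` directives or handle quoted strings.

```python
import re

# Constructed sample config (not from the post): gzip is off at http level
# but re-enabled in one location, which a quick look at the top would miss.
SAMPLE_CONF = """
http {
    gzip off;
    server {
        server_name example.test;  # placeholder name
        # gzip on;  (commented out, must be ignored)
        location /static/ { gzip on; }
        location /api/ { }
    }
}
"""

# Comments, block/statement punctuation, or bare words.
TOKEN = re.compile(r"#[^\n]*|[{};]|[^\s{};#]+")

def gzip_contexts(conf):
    """Return [(context path, effective gzip state)] for every block."""
    nodes = [{"path": "main", "parent": None, "gzip": None}]
    cur, words = 0, []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok == "{":      # words so far name the block being opened
            path = nodes[cur]["path"] + " > " + " ".join(words)
            nodes.append({"path": path, "parent": cur, "gzip": None})
            cur, words = len(nodes) - 1, []
        elif tok == "}":
            cur = nodes[cur]["parent"]
        elif tok == ";":
            if len(words) == 2 and words[0] == "gzip":
                nodes[cur]["gzip"] = words[1] == "on"
            words = []
        else:
            words.append(tok)

    def effective(i):
        # An unset block inherits from its parent; nginx's default is off.
        while i is not None:
            if nodes[i]["gzip"] is not None:
                return nodes[i]["gzip"]
            i = nodes[i]["parent"]
        return False

    return [(n["path"], effective(i)) for i, n in enumerate(nodes)]

def gzip_enabled_in(conf):
    """Paths of all blocks where gzip is effectively on."""
    return [path for path, on in gzip_contexts(conf) if on]
```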
And now we have a 100% score. Woohoo!
And we are in the Hall of Fame too 🥳