Service Providers

This finding lists providers authorized to host different part of the infrastructure.

This data is in no way a secret and is accessible to everyone. Its exposure in itself is not a vulnerability, the finding is only there to serve as an indicator for you, showing you what vendors have access to.

What can happen?

A chain is no stronger than its weakest link, and each of the vendors in this finding needs to be trusted.

This is nothing unusual, as there are multiple leads to access most websites. This is part of the Internet. However, it is important for the owner of the website to be aware of this, to better be able to make decisions about who to trust.

Example

This finding can, for example, include the hosting provider or the company you use to host the domain. The details vary depending on what companies we have identified in your specific scan and what our scanner saw as interesting.

Remediation

As this is not a vulnerability, but intended as information for the developer, there is no direct remediation.

If all service providers are considered trusted, there is nothing that needs to be done here. If that is not the case, you might have the re-design the web service architecture to get around that specific service provider.

If you have any further questions regarding this finding, please reach out to us at [email protected].