Penetrační testování
One of the services provided by the national security team CSIRT.CZ is penetration testing. This service is designed to identify weak points in the customer's infrastructure. Penetration testing helps organizations identify and eliminate hidden threats they may not even be aware of. These can include forgotten services that are no longer maintained for historical reasons, vulnerable web and other applications, misconfigurations, user errors, and many others.
DNS Crawler
This is a joint project of CSIRT.CZ and the CZ.NIC Labs, which regularly collects data from DNS, mail servers, and main websites of all second-level domains under .cz. The project's goal is both the general classification of domains according to various criteria and the creation of further statistics, as well as the detection of security issues, such as fake e-commerce sites or domains used by botnets. The open-source software tool DNS crawler, developed by CZ.NIC Labs, is used for data collection. Detailed information about the rules and parameters of the DNS crawler operation can be found on this page.
Skenování CMS
The goal of the CMS Scanning project is to perform preventive scans of web presentations in the .CZ domain and inform domain name holders about potentially outdated versions of CMS systems and their plugins. It can be assumed that some website operators may not even realize the risks involved. We expect this initiative to help prevent damage that could result from exploiting vulnerabilities in outdated CMS versions, potentially harming website operators or their visitors. The scanning does not attempt to breach or gain unauthorized access to websites, only loading the publicly available HTML content of the site.
Skener webu
Primarily for the non-profit and public sectors, we provide a free penetration testing service for websites. The testing includes both automated and manual tests focused on finding security vulnerabilities in applications. Each security finding is marked with an estimated potential risk level and includes a description of recommendations for potential fixes. Service requests can be made on the website skenerwebu.cz.
PROKI
The goal of the project, supported within the framework of security research in the Czech Republic for the years 2015 - 2020, is to build a system for analyzing information about cyber incidents from a variety of sources and evaluating this information by the National Security Team CSIRT.CZ, operated by the CZ.NIC association under Act No. 181/2014 Coll., on Cybersecurity. The developed system will then allow sharing information about cyber threats between key players, particularly national and governmental CERT/CSIRT teams and significant ISPs.
Malicious Domain Manager
Websites can be misused to spread malware, be part of a botnet, or host phishing pages. The goal of the Malicious Domain Manager service and application is to track incidents of website abuse and exploitation in the .CZ domain from various sources. We then inform the domain holders about the issue directly.
Podpora rozvoje kapacit v oblasti kybernetické bezpečnosti v České republice
The project responds to the growing importance of cybersecurity and the need to protect against cyberattacks at both the national and European levels. Its broad range of measures contributes to strengthening trust and security as one of the key pillars of the Digital Agenda for Europe. The project, led by the CZ.NIC association, which operates the national security team CSIRT.CZ, is in collaboration with the NIX.CZ association, which operates independent internet exchange points (IXPs) in the Czech Republic and Slovakia. Throughout the project, both organizations will prepare for the tasks and responsibilities arising from the NIS Directive. The project was launched on July 1, 2017, and is funded by the CEF Telecom program.
