A few days ago I came across a web page developed by High-Tech Bridge showing a live world map of SSL/TLS security. After checking some of the tests, two questions came to my mind:
- What is the status of SSL/TLS security in different European countries?
- Are the top companies taking secure information exchange seriously?
In order to answer both questions, I thought on taking a sample of the main companies of at least 3 different EU countries and perform the High-Tech Bridge SSL test.
Getting a list of the main companies by country
First, I needed a list of representative companies by country. After thinking about making a list myself, I thought that it was probably better (and more funny) to get it from somewhere. Probably there are other sources, but the company list from different stocks markets seemed a good starting point. So, I headed to Yahoo Finance in order to get a company list for Germany (^GDAXI), France (^FCHI), Spain (^IBEX) and also a list of different companies in Europe (^STOXX50E).
Yahoo Finance has a very good API for getting realtime stock quotes. Among other things, it has a module for getting the components from a specific market, using a call to the next URL:
https://query2.finance.yahoo.com/v10/finance/quoteSummary/<SYMBOL>?modules=<MODULE>)Example: Getting the components of IBEX (^IBEX) market.
Then, I needed the website for all the components I got in the previous call. So, I used the summaryProfile module in order to get it.
This is the Python code for getting the website of all the components of a market:
Performing the SSL/TLS tests
Once I got the websites, the next step was to use the High-Tech Bridge SSL security test API in order to get the score and the grade that High-Tech Bridge gives in every test.
From each response from the SSL Test, the market, symbol, web, score and grade were recorded and later saved to CSV using Pandas.
Playing with the data
At this stage, I wanted to obtain two things:
- The top10/worst10 scores for each country
- Some pie charts with the percentages of results by grade
So, I used Pandas and matplotlib for getting the info:
Results
Below, the percentage of the companies with each grade can be seen.
And the best/worst scores in each country:
Conclusion
On the positive side, it looks like most European tested companies take information exchange security into account: 75% of “A” grades and almost 90% of approved.
On the negative side, the 40% percent of the main companies in Spain and the 30% of the French companies tested fail the test. It is specially dramatic in the case of Spain where 8 companies of the 35 tested does not even support SSL/TLS.
