This site is using cookies to manage navigation and other tasks! We are not using
any cookies for analytics or marketing purposes. All cookies are deleted when the
session times out or you close your browser. You can find more information about
this in our Privacy Information!
Please note that old scan results are not updated, unless indicated! New scan results are added every three days
and will include the additional details!
Found and fixed a bug in the way vulenrabilities were evaluated! The grade shown was correct, the way
vulnerabilities were shown not. Please note that the fix will apply to new scans only!
New admin tool to synch sites between users. If you want to share
the sites you are watching with a colleague you can send a mail to
sigma-support or use the contact form.
The site list is now sortable! Simply click on the column titles to select the column
to sortby. Switch direction by clicking the same column again. This took longer than I
of them worked as I expected. So I finally resorted to do it serverside. In the end I
believe that was the correct way as it also enabled me to cut down on the DB calls
drastically. We will see if it works out ....
Fixed search in sortable table (note to self: test all functions before releasing ....)
Added sort-funtionality to API Sites list
Added options to add or remove a site from a list to the site actions. Now you do not need to
edit a list to add or remove sites.
New notifications can now be sent to your email once a day. You can select to have only sent
notifications generated since your last login or or all new notifications of the last day. The
default is to have no mails sent! Messages marked as read will not be sent. You can
change your mail settings in your profile.
Changed the appearance of the user profile to accommodate new options. Passwords are now
changed in a new modal and Two Factor Authentication can also be reached from there.
The invitation options in the user profile will not be shown if invitations have been
disabled (makes sense, doesn't it?)
Invitation system deactivated
The site is now at a point where it can process more sites and it has nearly all important
features. To make SIGMA easier accessible for more users I have disbaled the invitation
system. If I see that too many people register, I can always enable it again.
Added information about other projects
Added a support menu to make the contact form and the FAQ easier and more logical to access
Cleaned up the last problems after deleting some central scripts (by accident)
Some cosmetic changes
Added a quick link to the details in the notifications
Some general content polishing
Changed color of the save-button in the list editor. Caught myself to often returning to the
list without saving my changes.
Added some screenshots
Notifications correctly identify an initial scan.
FAQ entries are now shown in categories
Added indicators for 'Scan in progress' and 'Site suspended'
Fixing odd bugs here and there
Due to an outage at SSLLabs not much work was done today. In addition a strange database problem
occured where the DB claimed the unique key set for a scan was already in the database when in
fact it was not. Removing the offending queue entry only led to the DB complaining about the next
key ... The only thing that helped was backup the DB, drop it, and restore it from scratch. Together
with looking for the cause of the sudden scan problems this took most of my time. However once
things started to work again, I got some of the things I had planned for today done:
You will now recieve a notofication when the status of your site changes:
Change in the grade (better or worse)
Warning if the certificate expires in 14 days
Some of this may need some finetuning, but at least now you know when something changes.
Additional notifications will be added as I find a usecase or per your suggestion.
New Feature: Message Center
You may have noticed a new option in your user menu: Message Center. I am continuing the
integration of the new messaging system. Please be patient, messages will arrive as soon
as I finish the message queue. So far I have integrated it into the scanning process and
wrote the message distribution. However it is now 2:30 AM and I am too tired to test it now.
Added an indicator to the avatar-icon to signal new messages since last login.
Unread flag will indicate by colour if a message is new (sent since last login: red), or
older but still unread. Even though the message is shown directly (I do not expect the messages
to be very long) I put in the unread flag in case you would like a system of marking messages
as read. You may of course just delete them immediately.
The Scan Queue system will not send messages directly, but will push notifications into a notifications
queue. This queue will be processed regularly by a seperate process to avoid slowing down the scan queue.
This will also allow me to send notifications about other events to more than one user more conveniently.
The mail queue can either send messages to all users watching one host, or to every user of SIGMA.
New Feature: Request Rescan
This may not sound like much, but it is the first use case for the new internal messaging.
What happens if you send a Rescan Request is that a message is sent to the admin group and
is shown in the admin dashboard. For now admins can only mark the message as read or delete
it. Replying will come next and then you will also get notifications when one of your sites
is changing status or problems are detected.
Polishing the admin backend
New Feature: Two Factor Authentication
Secure your account by activating the two factor authentication in your user menu! Once
activated you can deactivate it using the same menu. I made it optional since not everybody
likes it, but I strongly recommend activating it.
Moved the user settings into their own menu. In the future some options from the account
settings (namely API Keys and Invitations) will be moved into their own menu options to make
room for some cool new features (eg. notifications). The start page will become more of
Added better error handling to scan process. When the SSL Labs API returns an error for a scan
request, the message is now logged and the host in question is suspended until an analysis
of the problem can be performed.
Lists can now be deleted
Preparing to add suspend option (admins only)
Cleaned up action icons in sites overview to allow more options without loosing the overview
Added list selection button to list view to switch faster between lists
As usual: Bugs, bugs, bugs ....
Lists can now be renamed (delete coming soon)
Learned to hate the browser cache ... Did I mention lately that 'I hate computers'?
Selected lists are now 'sticky' (similar to search). Return to the site overview
by clicking the button 'Show all Sites'.
New Feature: Lists
When you have a lot of sites in your overview you may want to be able to see only a
subset for a better overview and the search option does not give you enough flexibility.
This is where lists come in. Define a subset of sites by placing them on a list and then
selectively view only this list.
The feature is still in implementation, so some options (rename list, delete list, remove
site from list, add a single site to a list) are still missing. However I wanted to
give you access of this great feature as soon as possible. BTW the list option will also
ecome available in the Certificate and API-views. May take a few days though.
More bug swatting ....
Added option to see more certificate details to the site overview. The details are also
available for all archived scans via the Archive view.
Added an indicator in detail view if insecure protocols are detetcted.
Added some details for the main certificate to the details view & DB (valid from, common name(s),
Changed the way vulnerabilities are shown in detail view.
Updated API site view to reflect latest changes
Added more information to site over view and site details (Historic results not updated!
New scan will have the additional data!)
If vulnerabilities are found the site status will indicate this. individual vulnerabilities
are now shown in site details of new scans.
Certificate information now taken completely from SSL Labs results, removing the need for
an extra server call. Certifcate details coming in next update.
Added basic FAQ-system (missing but coming soon: search, categories, likes)
Prepared to extend result pages
Added a functionality to add a list of sites at once. If you need a mass import of
sites, please send the list to sigma-support(at)silverday.de. Please put
each portal on a seperate line!
Added a certificate status list
Moved the site status lists into a seperate menu
Bugfixes and queue performance
Using API-Keys you can give others access to your list of sites without the need of an account.
This can be useful for providing information easily to a group of people. API-Keys allow access
to a site overview, certificate overview, and a JSON dump of all available data. Permissions
can be set to include one or more of the views and they can also be limited to a certain date.
The JSON-dump should be considere experimental at the moment.
The APIKey feature is available to registered users on request!
Queue Management (Admin only)
Administrators have now easier access to queue management Functionality.
Added additional certificate parameters to the DB. Please Note: Existing sites will fill the fields
during the next regular rescan within 72h. Historic scans will not be updated.