
SECURE-CS Platform Security Assessment Report
The SECURE-CS Platform Security Assessment Report presents a corporate-level overview of technical security findings from 13 domains assessed through the Civil Society Security platform, highlighting key strengths, systemic gaps, and priority improvement areas for civil society organizations.
SECURE-CS Platform Security Assessment Report
As part of the SECURE-CS project, ANKA Gelecek ve Yenilik Derneği prepared the SECURE-CS Platform Security Assessment Report, a corporate-level analysis of technical security findings generated through the Civil Society Security platform.
The report focuses on 13 domain assessments conducted through the SECURE-CS self-assessment tool and presents a structured overview of the technical security configuration results. The assessment covers key areas such as SSL/TLS certificates, DNS and e-mail security, HTTP security headers, IP reputation, network signals, port exposure, and basic injection risk indicators.

The findings show that the assessed websites have a strong technical foundation in some areas. All 13 domains had valid SSL/TLS certificates and clean IP reputation signals. This indicates that the basic trust layer of the websites is generally in place. However, the report also identifies important gaps in application-layer hardening, especially in relation to HTTP security headers and e-mail authentication.
The average score across all assessed domains was 61/100, placing the overall result in the medium technical risk category. Scores ranged from 51 to 79, with the strongest result observed in a more mature institutional infrastructure and the weakest results generally linked to missing security headers, incomplete e-mail authentication records, or exposed technical services.
“Civil society organizations need accessible, practical, and understandable tools to identify digital security risks before they become institutional vulnerabilities.”
One of the most important findings of the report is the systemic weakness in HTTP security headers. The average HTTP security header score was only 20%, and several domains had no defined hardening headers. This creates weaker protection against risks such as clickjacking, MIME-type confusion, and unsafe browser behavior.
The report also highlights gaps in e-mail identity protection. DKIM signatures were missing on 12 of the 13 assessed domains, while DMARC was either missing or weak on most domains. This issue is particularly important for civil society organizations, as weak e-mail authentication can increase the risk of spoofing, phishing, and misuse of institutional domain names.
Another priority area identified in the report is port exposure. Some domains had database or administration-related ports visible from the internet, including MySQL and SSH services. While these findings do not automatically confirm exploitation, they indicate the need for immediate technical review and controlled access through IP restrictions, VPN, or server-side hardening measures.
The report makes clear that the assessment is not a penetration test. Instead, it offers an automated technical configuration overview based on publicly observable signals. This approach makes the platform especially useful for civil society organizations that need an accessible first-level check before moving into more detailed technical audits or professional security testing.
- The report analyzes 13 domain assessments conducted through the SECURE-CS Civil Society Security platform.
- The average technical security configuration score was 61/100, indicating a medium technical risk level.
- All assessed domains had valid SSL/TLS certificates and clean IP reputation signals.
- HTTP security headers and e-mail authentication remained the most common systemic weaknesses.
- The report provides domain-based findings, critical risk areas, and a practical reference configuration for improvement.
The SECURE-CS Platform Security Assessment Report demonstrates how the Civil Society Security platform can support NGOs, associations, foundations, and youth organizations in understanding their digital security posture. By transforming technical indicators into clear and actionable insights, the platform contributes to stronger awareness, better institutional readiness, and safer digital practices in civil society.
The full report is available online and can be reviewed through the SECURE-CS project resources.
Read the Full Security Assessment Report
Explore the SECURE-CS Platform Security Assessment Report and review the technical findings, domain-based results, critical risk areas, and improvement recommendations developed for civil society organizations.
Keep reading
More from ANKA

SECURE-CS Multiplier Event

SECURE-CS TPM-3 Successfully Completed in Skopje

SECURE-CS LTT-3 Successfully Held in Skopje

SECURE-CS TPM-2 Meeting Held in Trondheim

SECURE-CS LTT-2 Successfully Held in Brussels
