Skip to main content

Microsoft ccTLD Registry Security Assessment

The malicious manipulation of Domain Name System (DNS) records, specific to individual country markets, has an adverse impact on the global online community. The free Microsoft ccTLD Registry Security Assessment program provides a set of security services to ccTLD registry providers that sometimes lack the resources to protect themselves from a constant onslaught of attacks.

The program's basic services to ccTLD registries include:

  • Preliminary host and web application scans to determine security posture
  • Monthly recurring host scans
  • Quarterly recurring web application scans
  • Follow-up host and web application scans (typically provided when mitigations have been applied)
  • Vulnerability remediation advisory and consultation

The benefits of these services include:

  • Identification of exposed services that may not be required as part of ccTLD registry web applications and host management
  • Identification of vulnerabilities that can be remediated with appropriate input validation and output encoding to prevent cross-site scripting attacks, SQL injection and cross-site request forgery

ccTLD registries can sign up for the service or learn more by contacting cctldregsec@microsoft.com. Program registration and initial host and web application scans will be completed within seven business days.