Subdomain takeover surface
live factor #28 · Security & Infrastructure · scoring impl: implemented · weight 1.3%
What we measure
Dangling CNAME records point at deactivated cloud services (e.g. an old Heroku app or an abandoned Azure resource). An attacker who claims the released resource can then serve content under your domain.
How to improve your score
Audit DNS, remove CNAMEs to dead services, lock down provider accounts.
Data source
Data source for this factor is not yet documented.
Implementation notes
Pull subdomains from CT logs, resolve each, flag dangling CNAMEs.
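A sketch of the resolve-and-flag step, added here as an illustration and not taken from the scoring implementation. The DNS answers, the hostname list, the provider suffix list and all function names are assumptions constructed for the example.

```python
# Constructed stand-in for DNS answers so the example runs offline.
# name -> ("CNAME", target) or ("A", address); a missing name means NXDOMAIN.
SAMPLE_DNS = {
    "www.example.com": ("A", "192.0.2.10"),
    "shop.example.com": ("CNAME", "old-shop.herokuapp.com"),  # target released
    "docs.example.com": ("CNAME", "docs-prod.azurewebsites.net"),
    "docs-prod.azurewebsites.net": ("A", "198.51.100.7"),
    "api.example.com": ("CNAME", "lb.example.net"),           # target gone
    "loop.example.com": ("CNAME", "loop2.example.com"),
    "loop2.example.com": ("CNAME", "loop.example.com"),
}
# Constructed list standing in for hostnames harvested from CT logs.
CT_NAMES = ["www.example.com", "shop.example.com", "docs.example.com",
            "api.example.com", "loop.example.com", "gone.example.com"]
# Assumed suffixes for the two providers the page names; extend as needed.
PROVIDER_SUFFIXES = (".herokuapp.com", ".azurewebsites.net")

def norm(name):
    return name.rstrip(".").lower()

def lookup(name):
    """Hypothetical resolver; swap in a real DNS query in production."""
    return SAMPLE_DNS.get(norm(name))

def classify(name, resolve=lookup, max_hops=8):
    """Follow the CNAME chain from name and report how it ends."""
    chain = [norm(name)]
    while len(chain) <= max_hops:
        answer = resolve(chain[-1])
        if answer is None:
            # Only a name reached through a CNAME is dangling; a bare
            # NXDOMAIN is just a stale hostname in the CT data.
            status = "dangling" if len(chain) > 1 else "nxdomain"
            break
        rtype, value = answer
        if rtype != "CNAME":
            status = "resolves"
            break
        chain.append(norm(value))
        if chain[-1] in chain[:-1]:
            status = "loop"
            break
    else:
        status = "too-long"
    on_provider = status == "dangling" and chain[-1].endswith(PROVIDER_SUFFIXES)
    return {"name": chain[0], "status": status, "chain": chain,
            "provider": on_provider}

def dangling(names, resolve=lookup):
    """Return only the records whose CNAME chain ends in NXDOMAIN."""
    results = (classify(n, resolve) for n in names)
    return [r for r in results if r["status"] == "dangling"]
```

An NXDOMAIN target is only one signal: some providers answer for unclaimed names through wildcard DNS, so a chain that resolves is not proof that the resource behind it is still yours.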
Scoring
Scoring formulas are versioned with the methodology. The current method (v1.1.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Version history
| Version | Change | Date |
|---|---|---|
| v1.1.0 | Factor introduced. Status: live. Scoring impl: implemented. | 2026-04-25 |