Security audit is a preventative measure aimed at obtaining an accurate assessment of the security of your company's resource. There will be collected complete information current vulnerabilities and possible types of protection against hacker attacks. As a result of the audit, we provide practical recommendations for the removal of gaps found in the protection of the site.
Security audit is not a one-time event but a continuous process of improving protective measures aimed at ensuring the security of all business processes of the company. This will guarantee further economic growth and development of your business as well as maintaining your business reputation.
Works included in the security audit:
- Search for weaknesses in server components;
- Search for security gaps in the server environment;
- Testing the possibility of remote running of arbitrary code;
- Testing for SQL injection (code embedded in the site from outside);
- Verifying the functioning of the website authentication system, attempt to bypass it;
- Search for XSS and CSRF vulnerabilities;
- An attempt to intercept privileged accounts or their sessions;
- Attempt to run Remote File Inclusion and Local File Inclusion;
- Analysis of site components with common vulnerabilities;
- Checking open redirects to third-party resources;
- Exploring all the directories and files. There used not only s brute force search but also "Google Hack";
- Studying forms of registration, authorization and search;
- Exploring the site's capabilities to obtain confidential and secret data;
- Conducting an attack of the "Race Condition" class;
- An attempt to introduce XML entities;
- Attempt to find passwords.
What is the price of the services?
The cost of services is calculated individually depending on the details of the audit and the volume of the work planned. If you have some small fixed budget, we can conduct a partial audit only involving the most important parts of the analyzed project.
The procedure and of the work:
- Identification of requirements and drafting of an audit plan;
- Сost estimating and prepayment for work;
- Carrying out audit;
- Reporting, final settlement payments;