Website / Application Security Audit & Infection Cleanup
A Security Audit identifies vulnerabilities of a web application or website. Using a combination of manual techniques and proprietary tools, an assessment can pinpoint specific vulnerabilities and identify underlying problems.
Our approach is consistent with the practices documented in the Open Web Application Security Project (OWASP), complemented with the extensive experience our security experts. We can assist with the development of application security framework, application development training, the implementation of secure Software Development Lifecycles (SDLC), through to source code reviews and web application penetration testing.
Our audits are powered by people, not by automated tools - let us help you find vulnerabilities before hackers do. Our team are not only security experts, but also developers with extensive knowledge and experience.
The percentage of High and Critical risks combined, compared to all discovered risks is still high at 19.2% for public Internet-facing (external) applications and 24.9% for non-public or internal applications.
Application and Website Security Testing
Our Security Audit will identify application security flaws and spots unsecure development practices in:
- Cross Site Scripting (XSS)
- SQL injection
- Server misconfigurations
- Form/hidden field manipulation
- Command injection
- Platform vulnerabilities
- Insecure use of cryptography
- Back doors and debug options
- Errors triggering sensitive information leak
- Broken ACLs/Weak passwords
- Weak session management
- Forceful browsing
- CGI-BIN manipulation
- Risk reduction to zero day exploits
- Hidden manipulation
- Parameter tampering
- Cookie poisoning
- Stealth commanding
- Forceful browsing
- Directory traversals
- Session hi-jacking
- Denial of service
- Information disclosure
- Backdoors and debug options
- Configuration subversion
- Buffer overflow
- Vendor option exploitation
- Improper management of permissions
The duration of a test depends on the size and complexity of a the website or application being tested. A final written report will provide a detailed analysis of any security or service problems discovered together with proposed solutions, links to detailed advisories and recommendations for improving security.
Was your site already hacked?
Time is crucial to prevent further compromising of user data or abuse of your infrastructure and reputation (setting up attack bots, spam services, etc). We can clean up the infection and harden the security of your software.