The most powerful tool to ensure the information security of your site Your site
Comprehensive site audit for vulnerabilities
Complex of works to ensure maximum security of your site
Site security audit is the most powerful tool to ensure information security of the resource.
Website security audit is a range of operations to detect errors in the site code and server software, which can be used by intruders to attack and hack the site.
The main purpose of site security audit
- Ensuring information security of the reviewed site
The main task of site security audit
- early detection of all site vulnerabilities to prevent hacking and hacker attacks.
The main activities included in the comprehensive site security audit
The review is carried out on an active site operating on the Internet, and allows full assessing of the resource security level.
The review simulates a variety of options, techniques and methods of hacking and attacks on the resource.
Methods of vulnerabilities detecting when testing the site in “working mode”, fully correspond to the real hacker attacks and hacking techniques, while not posing any threat to the site.
Review of the site code parts is a necessary condition to conduct a comprehensive security audit in cases when testing in “working mode” cannot give a definite answer whether there is vulnerability in the website script/module/section, etc.
As an example, there are indications of vulnerability in a particular script of the site, the possibility of exploitation of which is questioned. In this case, the “problem” part of the script code is investigated to determine the presence or absence of a threat.
Most sites use third-party components such as media players, sliders, Wysiwing editors, etc.
Security problems of these components can be critical to the whole site.
Security review of such components is an integral part of a comprehensive website security audit.
Checking the content management system CMS, Framework, etc for ready-made solutions that exploit certain vulnerabilities, if they exist.
Checking the correct site publication. Often backup files, system, test and other files that contain confidential information are to be found publicly available. Open access to such files directly threatens the site security.
Checking the server software correct configuration. Review of the server software vulnerability to the public methods and ways of hacking and attacks. Server ports security review. Other server security reviews.
Search and elimination of malicious code on the site
- viruses
- trojans
- shells, web-shells, backdoors, etc.
- unauthorized obfuscated code
- hacker "inserts" in the site code, that provide unwanted software downloading on the server
- other malicious code on the site
Main security threats
- RCE - Remote code execution
- SQL injection
- PHP injection
- CRLF injection
- Injection in LDAP
- Directory Traversal Attack
- Remote File Include (RFI)
- Local File Include (LFI)
- SSRF - Server Side Request Forgery
- XSS - Cross Site Scripting
- CSRF - Cross-Site Request Forgery
- File Upload
- Combined techniques and methods of hacking and site attacks
- Bypassing the authorization of the site administrative panel
- Non-standard techniques and methods of hacking and attacks on the site
- Other scripts runtime errors
- Information leakage
- Vulnerabilities that are not capable of direct leading to the site being cracked, but allowing attackers to use the site and its resources for their own purposes, such as sending spam, hosting “black” SEO elements, etc.
Stages of work
- At the first stage of works search and elimination of a malicious code of the site is carried out. (if necessary)
- During the second phase of work security audit of the website in “production mode” is carried out.
- At the third stage of the work, a partial or complete code review of the tested site is carried out.
- At the fourth stage, the security audit of third-party components of the site is carried out, the content management system CMS, Framework, etc is checked for the presence of ready-made solutions that exploit certain vulnerabilities, if they exist.
- At the fifth stage, the security of server software is reviewed.
- At the sixth stage of work, a report on the result of the site information security audit is compiled; coordination of proposals to eliminate vulnerabilities is carried out. If necessary, action plans for the next stages of cooperation are agreed.
- At the seventh stage, all detected vulnerabilities are eliminated, site protection is installed.
Final report on the results of the site security audit
As a result of the site security audit, a report is provided, which gives an accurate assessment of the tested site security, corresponding to the threat level of found vulnerabilities. The report contains the most complete information about all found vulnerabilities of the site, server software, detected script failures, general site errors, etc., with specific recommendations for their elimination.
Eliminating vulnerabilities
- Vulnerabilities are eliminated by SystemAdminsPro specialists.
- The customer himself eliminates the vulnerabilities, guided by the final report.
Guarantees
- SystemAdminsPro company guarantees site protection from hacking within 6 months, providing the integrity of the site code after vulnerabilities elimination.
- SystemAdminsPro guarantees 100% operability of all found vulnerabilities, hacking techniques and attacks on the tested resources.
- SystemAdminsPro guarantees the confidentiality of the information provided by the customer of the site security audit.
- SystemAdminsPro guarantees to not disclose any confidential information obtained in the process of providing the services.
Terms of service
- The customer of the service provides guarantees that he is the owner of the resource or an authorized person of the site owner.
- The customer of the service provides all access credentials (FTP or SSH, access to the administrative panel and the site database, etc.).
Service cost
The cost of the service “Comprehensive site security audit” is calculated individually, based on:
- A set of services included in the comprehensive site security audit
- Platforms (CMS) on which the site operates. (Bitrix, WordPress, NetCat, Joomla!, various Framework, self-written sites, etc.)
- The size of the reviewed site, and thus the number of works and time spent on the service
- The server software on which the site is based
- Other conditions and requirements for the site security audit, which may affect the final cost of the service
You can order the cost estimation of your site comprehensive security audit:
Our specialists will evaluate your website and provide you with a targeted commercial offer, indicating the included works, the deadline and the final cost of a comprehensive site security audit.
If you have any questions about site security audit, please contact us!
Specialists of SystemAdminsPro company will promptly answer all your questions.