To prevent future security incidents, we offer a website security audit service. The audit is suitable in every phase of a website's life: during design, as a pre-launch or post-launch check, and as a regular audit during operation.
During the audit we test the site's resilience to common attacks, check compliance with best practices, verify the server configuration and evaluate the risks we find. We use both automated tools (our own and tools well known in the security community) and detailed manual procedures to evaluate and verify their output and to find the less common problems that scanners miss.
The audit can be performed as a so-called blackbox audit or as a whitebox audit. In a blackbox audit we act like a real attacker who knows nothing about your site or infrastructure at the outset. In a whitebox audit we need access to the application and its source files from you, which lets us find many more defects in less time. The two approaches can of course be combined.
Every year, we detect and report critical security issues on thousands of sites.
Attackers can obtain all the data you hold about your customers. They can also gain access to sensitive documents that are not available in the public part of the site. From a compromised website they often harvest credentials and tokens for various other services. If you do not use strong password hashing and do not enforce password strength, attackers can recover your users' passwords and try them against other services. Using your domain, they may also send targeted phishing to your employees.
A security incident can have a tremendous impact on the credibility you have built up with your clients over many years. Restoring trust and reputation can take a long time.
The effects of a cyber attack can have major direct and indirect financial implications. Your service may be down for several days. If you do not have a well-designed backup, some data may be lost irretrievably. Malware can persist on the site for months, during which time it may redirect some of your visitors to third-party sites. Removing malware is often a time-consuming activity that requires professional intervention.
Under the GDPR, the controller must ensure the security of the personal data it processes. A data breach can be fined up to 20 million € or 4% of total annual worldwide turnover, whichever is higher. You are also obliged to report a personal data breach to the Office for Personal Data Protection within 72 hours of becoming aware of it. If you operate the service for other entities, you are also liable as the processor for the damage caused.
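The password point above is worth seeing concretely. The following is an added example, not one of the audit tools described on this page: it takes a constructed three-user password table, stores it once with unsalted SHA-256 and once with salted scrypt from the Python standard library, and runs the same offline dictionary attack against both dumps. The user passwords and the attacker's wordlist are made up for the demonstration; the scrypt parameters are a common interactive-login setting and are an assumption, not a recommendation from the page.

```python
import hashlib
import hmac
import os

# Constructed sample data (not a real leak): the passwords of three users and the
# wordlist an attacker tries first after obtaining a dump of the password table.
USER_PASSWORDS = ["summer2019", "Password1", "correct horse battery"]
ATTACKER_WORDLIST = ["123456", "password", "summer2019", "Password1", "letmein"]

# Assumed scrypt parameters: ~16 MiB of memory per evaluation (128 * r * n bytes).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def weak_hash(password: str) -> str:
    """Unsalted single-round SHA-256, still found on legacy sites.
    Fast and deterministic: equal passwords give equal hashes, and one guess
    can be checked against every stored hash with a single dictionary lookup."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_weak(dump, wordlist):
    """Offline dictionary attack on unsalted hashes.
    Returns ({hash: password}, number of hash evaluations)."""
    lookup = {weak_hash(w): w for w in wordlist}  # len(wordlist) evaluations total
    return {h: lookup[h] for h in dump if h in lookup}, len(wordlist)


def strong_hash(password: str, salt: bytes = b"") -> str:
    """Per-user random salt plus scrypt (a memory-hard KDF from the standard library).
    Stored as a self-describing string so the parameters can be raised later."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_strong(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


def crack_strong(dump, wordlist):
    """The same dictionary attack against salted scrypt hashes. The salt removes
    the shared lookup table, so every guess must be evaluated against every
    hash, and each evaluation is deliberately slow and memory-hungry.
    Returns ({stored: password}, number of KDF evaluations)."""
    cracked, evaluations = {}, 0
    for stored in dump:
        for w in wordlist:
            evaluations += 1
            if verify_strong(w, stored):
                cracked[stored] = w
    return cracked, evaluations


def demo():
    """Run both attacks on the constructed password table and summarise the result."""
    weak_dump = [weak_hash(p) for p in USER_PASSWORDS]
    weak_cracked, weak_evals = crack_weak(weak_dump, ATTACKER_WORDLIST)
    strong_dump = [strong_hash(p) for p in USER_PASSWORDS]
    strong_cracked, strong_evals = crack_strong(strong_dump, ATTACKER_WORDLIST)
    return {
        "weak_cracked": sorted(weak_cracked.values()),
        "weak_evaluations": weak_evals,
        "strong_cracked": sorted(strong_cracked.values()),
        "strong_evaluations": strong_evals,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things are visible in the output. The unsalted dump falls to five cheap SHA-256 evaluations shared across all users, whereas the salted scrypt dump costs one slow evaluation per guess per user (15 here, billions on a real table). But the two passwords that are in the attacker's wordlist are recovered in both cases: strong hashing buys time, it does not rescue weak passwords, which is why the sentence above names both hashing and password strength.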
The audit focuses on the most common defects and includes:
During the audit the application's behaviour is examined and weak points are actively sought out. The audit includes:
A comprehensive audit of the entire application, its source code, runtime environment, development processes and related risks.