Web Security

The sad fact is that majority of websites neglects security and resolves it only at the moment of the security incident. As a prevention, you can use the experience of web specialists here in Lynt let them make a security audit of your site.

Our research shows

42 %

of Czech e-shops do not use HTTPS  or use it incorretly.

32 %

of Czech e-shops contain security flaws of of varing severity.

10 %

of Czech e-shops contain critical security flaws.

25 %

of sites in WebTop100 contest contain critical vulnerabilities.
I want more numbers!

more than 300 000

sites revealing complete source codes and their sensitive data were found by a simple vulnerability scan

more than 25 000

attack attempts we block each week on one single site

almost 2 000

Czech WordPress sites was compromised on September 1, 2020 due to an out-of-date version of the WP File Manager plugin

12 minutes

it takes automatted attacks to begin on a newly launched server on the Internet

majority

WordPress Websites unintentionally reveal the email addresses and names of its users and commenting visitors

77 %

Czech e-shops completely ignore security HTTP headers, which can reduce the impact of incidents

Security audit by Lynt

To prevent future security incidents, we offer a website security audit service . This audit is suitable in all phases of the life of the website - from the phases of its design, through the audit after launch, to regular audits during its operation.

During the audit, we will test the site's resilience to common attacks , check compliance with best practices , verify server settings and evaluate the risks we found. During the audit, we use both automated tools (either our own tools or well known tools in security communities) and detailed manual procedures for evaluating and verifying their outputs and finding less common problems.

The audit can be performed as a so-called blackbox audit or whitebox audit. In the first case, we act like a real attacker who knows nothing about your site and infrastructure at beginning. In the case of a whitebox audit, we need access rights to the application and web files from you - so we can detect many more errors in less time. However, we can of course use both methods.

Every year, we detect and report critical security issues on thousands of sites.

sec-audit

Impacts of security incidents

Sensitive and personal information leaks

Attackers can obtain all the data about your customers. However, they can also gain access to sensitive documents that are not available in the public area of ​​the site. They often get credentials and tokens from compromised websites to various other services. If you don't use strong password hashing and don't care about their strength, attackers can get your users' passwords and try to use them in other services. On behalf of your domain, they may also attempt to target phishing to other of your employees.

Lost of the credibility and reputation

A security incident can have a tremendous impact on the credibility you have built on your clients for a long time. Restoring trust and reputation can be a long way off.

Financial losses

The effects of cyber attacks can have major direct and indirect financial implications. Your service may be down for several days. If you do not have a well-resolved backup , some data may have been irretrievably lost. Malware could persist on the web for several months, during which time it could redirect some of your visitors to third-party sites. Removing malware is often a time-consuming activity that requires professional intervention.

Legal issues

According to the GDPR, when processing personal data, the controller must ensure their security. If there is a data leak, you are fined up to 20 million € or 4% of total sales. You are also obliged to report any leakage of personal data to the Office for Personal Data Protection within 72 hours. If you operate the service for other entities, you, as the operator, are also liable for the damage caused.

A Security Audit will help you minimize risks.

Audit inquiry

Informative Price

The price may vary depending on the size and complexity of the project and the need for any further consultation on the results.

Základní audit

10 - 15 000 Kč bez DPH
rozsah 6 - 8 hodin

Audit se zaměřuje na nejčastější chyby a jeho součástí jsou:

  • Identifikace technologií.
  • Audit běžných chyb.
  • Dodržování základních best practices.

Standardní audit

20 - 30 000 Kč bez DPH
rozsah 10 - 18 hodin

Během auditu se zkoumá chování aplikace a aktivně se vyhledávají slabá místa. Součástí auditu jsou:

  • Podrobná identifikace technologií.
  • Podrobný audit běžných chyb.
  • Dodržování best practices.
  • Audit běhového prostředí aplikace.
  • Základní analýza zdrojového kódu.

Rozšířený audit

45 000 + Kč bez DPH
rozsah 25+ hodin

Komplexní audit celé aplikace, zdrojových kódů, běhového prostředí, vývojových procesů i souvisejících rizik.

  • Podrobná identifikace technologií.
  • Podrobný audit běžných chyb.
  • Dodržování best practices.
  • Podrobný audit běhového prostředí aplikace.
  • Analýza zdrojového kódu.
  • Audit procesů a souvisejících rizik.
Poptat audit

Bacis

400-600 €
VAT not included

Standard

800-1200 €
Kč bez DPH

Extended

1800+ €
Kč bez DPH
Technology identification
Audit of common issues
Best Practices
Environment audit
Source code audit
Analysis of related risks
Time estimation
6 - 8 hours
10 - 18 hours
25+ hours

Security Audit Outputs

The standard report

  • table with results
  • a short report with a basic description of the major problems
  • evaluation of the state of the website and recommendation of further steps

Additional services

  • detailed online consultation of results
  • complete in depth report with recommendations
  • supervision of the implementation of fixes
Additional services are charged at an hourly rate of CZK 1,800 excluding VAT.
audit-tabulka

Areas of the most common issues

Application issues

  • Unsanitized inputs
  • Accessible non-production files
  • Bad permissions
  • Weak / default passwords
  • Out-of-date libraries
  • Bad Practices

Environment issues

  • Folder listings
  • Display of error messages
  • Poor site isolation
  • Making non-public parts available
  • Non-updated components
  • Unencrypted protocols
  • Services on other ports

Neglected prevention

  • Security headers
  • Passwords hashing
  • Inappropriate user roles
  • Suspicious requests permit
  • Broken backup

Our lectures and blog posts

Playlist of our security talks a materials.

Blog posts

Další články o bezpečnosti na našem blogu.

Who performs the audit?

SECURITY SPECIALIST

Ing. Vladimír Smitka

In Lynt, Vlad Smitka is responsible for conducting security audits.
Vlad has been involved in computer networks, Linux server configuration and web development since 2003. He spoken on security at dozens of Czech and world conferences, served as a jury for technical web design in the WebTop100 competition for several years, and has found and reported bugs on hundreds of thousands of websites.
More about Vlad

Web Security Audit Inquiry

Co se bude dít?

  • Use the contact form or other contact options .
  • Ideally, fill in the name of the website and other technical details of the project so that we can take a quick look at it before agreeing on the next steps.
  • If you need to start cooperating with the NDA , we have a contract ready to fill out online .
  • If you are currently dealing with a security incident , let us know so we can work together to take countermeasures as soon as possible.
  • Together we will agree on the scope of the audit and estimate the time required.
  • We will exchange the necessary approaches (this can be done safely, for example, using a keybase , PGP or using secure one-time links ).
  • We will start the audit and typically provide the first outputs within a few working days .
  • After completing the audit, you will receive a report with the problems found and recommendations on how to proceed.
  • If you need, we can arrange an online meeting, where we will discuss the outputs in detail .
  • We can oversee the implementation of repairs and help with their deployment

    Lynt services s.r.o

    We have been creating more effective campaigns for 9 years, speeding up websites and enchancing their security. We combine marketing, development, and automation.
    Inquire now
    sunmooncloud linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram