Security for Websites
After we complete the security test, you will get the following:
- A detailed report showing all findings: vulnerabilities, PoC exploits, configuration problems
- Instructions on how to fix the vulnerabilities that were found
(We can fix the vulnerabilities for you, although additional charges may apply - see below)
- A free follow-up check to confirm whether all vulnerabilities have been fixed
What security tests do you perform?
We perform only manual security tests and we don't use automated vulnerability scanners.
We test your website for security vulnerabilities such as SQL Injections, XSS, Directory Traversal, Authentication Bypass, LFI/RFI, Buffer Overflow, and web-server configuration problems.
Why should I choose your manual security test and not an automated scanner?
All our tests are made from a real attacker's perspective, using our in-depth knowledge of web security. A real attacker will never use an automated scanner before compromising your data or defacing your website. Security scanners are made for system administrators, not for hackers. Real hackers won't buy a vulnerability scanner license to hack your website. All they need is motivation and a web browser.
Why don't you just use automated scanning tools?
Vulnerability scanners are notoriously inaccurate and superficial, and they can only detect the most obvious vulnerabilities - which in most cases are not the ones that lead to a website compromise. Skillful attackers usually engage in sophisticated hacking techniques, which involve exploiting vulnerabilities not normally recognized by automated vulnerability scanners, correlating data and vulnerabilities, and building their custom exploits for each target profile.
Have you ever wondered why big websites still get hacked? Do not assume that they cannot afford a vulnerability scanner to know what their weaknesses are; they most certainly can. The problem is that a vulnerability scanner is not nearly enough when you want to protect your website against clever attackers, whose abilities and determination should never be underestimated.
How long will it take to secure my website?
It will take two business days to complete our test and another day to deliver the report. If you want us to fix the vulnerabilities for you, we will need to know your access code and it may take between one hour and several days, depending on the workload.
How much will you charge in order to fix the vulnerabilities for me?
If we can fix it in one hour by modifying several lines of code, it's completely free. If it takes more than one hour, we will provide you with a price quote based on the total workload estimate, at a charge of $100/hour.
What if you break anything on my site during your tests?
We will do our best not to cause any website disruptions or break anything.
However, we highly recommend that you have a backup done before we start work.
Why should I trust you?
We are a security company providing professional services, not a shady backstreet business or freelance hackers advertising on hacking forums. We will send you a signed NDA before starting any security tests. The report and all our findings are deleted upon finalizing the security test and presenting you with our report.
How do I know that you will really do your best to test my website for security breaches?
We may charge for extra work such as securing the website for you, so it's in our own interest to find as many vulnerabilities as we can and help you secure your website.
It's a well-known fact that satisfied customers are repeat customers, and rest assured that we want you as our long-term customer. The only way to ensure this is by offering a service that genuinely helps you and saves you money that otherwise might be lost through security breaches.
Can you provide this service on a recurrent basis?
Yes, we can. We will need to discuss custom pricing for recurrent security tests.
My developers/system administrators have assured me that my website is secure. Why should I require your services?
Security testing is not a simple job that anyone can do, or just a skill that any website developer should easily add to his LinkedIn profile. It's a full-time activity that requires 100% commitment, enthusiasm and constant improvement.
Why not just let the professionals in the field of security help you to secure your website and, in the process, provide your developers and sys-admin people with constructive feedback about their work?
If you would like more details about how we can help you to secure your website, please feel free to contact us.