In a preliminary discussion with you we agree on the expected scope of the security test; on that basis we prepare an offer, which we then go through with you again.
Once you accept the offer, the work begins:
Before the detailed test starts, we gather information about the network structure, the system architecture, and the services and applications in use (Information Gathering phase).
Based on the components found, we determine which elements need detailed testing.
The areas examined more closely are:
- DNS servers (name servers) authoritative for the customer's domain
- Mail servers handling mail for the customer's domain
- Web and application servers
- Search for other servers belonging to the customer
- Testing of external service providers (newsletter ASP, payment gateways, etc.)
- The customer's website
The website is tested for the following (Vulnerability Identification):
- Susceptibility to SQL injection
- Susceptibility to XSS (Cross-Site Scripting)
- Search for files and folders whose contents are not intended for the public
- Search for application errors that allow disclosure of non-public data or execution of programs on the server
- Search for misconfigurations (directory listing, SSL/TLS configuration)
- Security of customer data (logins, sessions, encryption, etc.)
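To make the last two list items concrete, here is an added example (not part of the original page and not the provider's own tooling) that runs three of the named checks against a constructed HTTP response: directory listing, session-cookie flags (Secure, HttpOnly, SameSite) and transport security via the Strict-Transport-Security header. Each finding is rated on the report's "Good" to "High risk" scale; the thresholds used, the "Medium risk" middle step and the sample responses are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Added example. The three-step scale mirrors the page's report classification;
# the thresholds below are this example's own choice, not the provider's methodology.
GOOD, MEDIUM, HIGH = "Good", "Medium risk", "High risk"


@dataclass
class Finding:
    check: str
    rating: str
    detail: str


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status, headers, body).
    Header values are kept as lists because Set-Cookie may legitimately repeat."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def check_directory_listing(status: int, body: str) -> Finding:
    # Auto-index pages of common web servers share these markers; a 200 response
    # carrying them means the folder's contents are browsable by anyone.
    markers = ("<title>Index of /", "Parent Directory", "[To Parent Directory]")
    if status == 200 and any(m in body for m in markers):
        return Finding("directory listing", HIGH, "auto-index page served for the folder")
    return Finding("directory listing", GOOD, "no directory index detected")


def check_session_cookies(headers) -> list[Finding]:
    findings = []
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("secure", "httponly") if f not in attrs]
        rating = HIGH if len(missing) == 2 else MEDIUM if missing else GOOD
        detail = (f"{name}: missing {', '.join(missing)}" if missing
                  else f"{name}: Secure and HttpOnly set")
        if "samesite" not in attrs:
            detail += "; no SameSite attribute"
        findings.append(Finding("session cookie flags", rating, detail))
    return findings


def check_transport_security(headers) -> Finding:
    hsts = headers.get("strict-transport-security")
    if not hsts:
        return Finding("TLS configuration", MEDIUM, "no Strict-Transport-Security header")
    m = re.search(r"max-age=(\d+)", hsts[0], re.I)
    max_age = int(m.group(1)) if m else 0
    if max_age < 180 * 24 * 3600:  # six months: example threshold, not a standard
        return Finding("TLS configuration", MEDIUM, f"HSTS max-age too short ({max_age}s)")
    return Finding("TLS configuration", GOOD, f"HSTS max-age={max_age}")


def assess(raw: str) -> list[Finding]:
    status, headers, body = parse_response(raw)
    return [check_directory_listing(status, body),
            *check_session_cookies(headers),
            check_transport_security(headers)]


def worst_rating(findings) -> str:
    order = {GOOD: 0, MEDIUM: 1, HIGH: 2}
    return max((f.rating for f in findings), key=order.__getitem__)


# Constructed sample responses, not real captures.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Index of /backup</title></head><body>"
    "<h1>Index of /backup</h1><a href=\"../\">Parent Directory</a>"
    "<a href=\"db.sql\">db.sql</a></body></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Welcome</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        findings = assess(raw)
        print(f"== {label}: overall {worst_rating(findings)} ==")
        for f in findings:
            print(f"  {f.rating:12} {f.check}: {f.detail}")
```

The weak response is rated "High risk" overall (browsable backup folder, session cookie without Secure or HttpOnly, no HSTS), the hardened one "Good" on every check. In a real engagement the raw responses would come from the target; the parser and checks stay the same.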
Once all the data have been collected, a security report is prepared that gives a precise account of the tested objects, the results, and recommendations for closing any security holes found.
The test report comprises 35 to 45 pages and also provides background information on all tests and results, along with a classification from "Good" to "High risk" for each criterion.
For further information about the website and network security testing – Contact us now!