OUR SERVICES AND PRICING FOR VULNERABILITY SCANNING
Website Security Audit
Backup the website and install locally
We will first make a total backup of your website and install it locally on one of our servers. By doing this we make sure we can scan the total site without any danger to the client. Scanning live systems can cause a website to crash and go offline.
Content Discovery
As you might guess, before identifying vulnerabilities in your website it is necessary to fully discover it. For this purpose we use two different techniques: crawling (spidering) and hidden content discovery.
Crawling consists of two steps: first, we manually crawl your website to get content, and after that we use automatic crawling, which is simply an automatic process done by our tools to follow the links your website has.
Hidden Content Discovery
Hidden content discovery is the process of identifying content which is not linked from visible content that you can browse. For this purpose, we use some general techniques such as name guessing and extrapolation from naming conventions detected in use within the web application. So, to sum it up, in order to discover content we first crawl the site manually, then automatically, and at the end we use some techniques to discover hidden content.
In the passive stage, we detect vulnerabilities that can be exposed just by analyzing requests and responses. Serialized objects in HTTP messages are an example of such vulnerabilities.
In the active stage, the issues we detect can be grouped into light, medium and intrusive active vulnerabilities. Light active issues are vulnerabilities which can be identified by making a very small number of pure requests. Cross-origin resource sharing is an example of such issues. Medium active issues are detected by making requests that might be considered malicious (for example, OS command injection). Finally, intrusive active issues are detected by making requests that carry a higher risk of damaging the application data (for example, SQL injection).
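As an illustration of the passive check described above, the following Python sketch inspects captured HTTP messages for serialized objects without sending any request. It is an added example, not the tooling used by this service; the format signatures are general knowledge, and the host name, cookie names and sample messages are constructed for the demonstration.

```python
import base64
import re

# Signatures of common serialization formats (assumed for this example).
JAVA_MAGIC = b"\xac\xed\x00\x05"  # header written by Java's ObjectOutputStream
PHP_SERIALIZED = re.compile(rb'(?:^|[=;&\s"])(?:O:\d+:"[\w\\]+":\d+:\{|a:\d+:\{[is]:)')
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/_-]{16,}={0,2}")


def find_serialized_objects(raw_message: bytes) -> list[str]:
    """Return the serialization formats seen in one raw HTTP message."""
    findings = set()
    if JAVA_MAGIC in raw_message:
        findings.add("java-raw")
    if PHP_SERIALIZED.search(raw_message):
        findings.add("php")
    # Serialized blobs often travel base64-encoded in cookies or parameters.
    for token in B64_TOKEN.findall(raw_message):
        normalized = token.replace(b"-", b"+").replace(b"_", b"/").rstrip(b"=")
        normalized += b"=" * (-len(normalized) % 4)
        try:
            decoded = base64.b64decode(normalized)
        except ValueError:  # not valid base64, ignore the token
            continue
        if decoded.startswith(JAVA_MAGIC):
            findings.add("java-base64")
        elif PHP_SERIALIZED.search(decoded):
            findings.add("php-base64")
    return sorted(findings)


# Constructed sample traffic (hypothetical host and cookie names).
_java_blob = base64.b64encode(JAVA_MAGIC + b"sr\x00\x0bSessionData\x00\x00").decode()
_php_blob = base64.b64encode(b'O:4:"Cart":1:{s:5:"items";a:0:{}}').decode()
SAMPLE_REQUEST = (
    "GET /account HTTP/1.1\r\nHost: shop.example\r\n"
    f"Cookie: session={_java_blob}\r\n\r\n"
).encode()
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    f"Set-Cookie: cart={_php_blob}; Path=/\r\n\r\n"
).encode()
CLEAN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\nCookie: theme=dark\r\n\r\n"

if __name__ == "__main__":
    for name, msg in [("request", SAMPLE_REQUEST), ("response", SAMPLE_RESPONSE),
                      ("clean", CLEAN_REQUEST)]:
        print(name, find_serialized_objects(msg))
```

A finding here only means the application accepts or emits serialized data; whether it deserializes untrusted input safely still has to be reviewed in the code.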
How long does a scan take to complete?
Depending on the size of your website, it can take from 10 hours up to days. You can let us know in advance if a scan needs to be done in a short period of time.
What payment options are there?
Payment options are Visa & Mastercard, iDEAL (Netherlands), PayPal, and all the major cryptocurrencies like bitcoin, bitcoin cash, ripple, money. If your payment option is not listed here, please just send us an email and we will be happy to help you.
Will you fix security issues?
No, we will not fix your security issues. We can make you an offer on fixing some vulnerabilities, but that will depend on the severity of the issue. However, with a detailed report, you can inform your web developers about the security issues so they can fix them.
Which vulnerabilities can you find?
Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring and many more...
Will this stop hackers from exploiting vulnerabilities?
No, it will not. The scan will tell you which vulnerabilities your site has. It will be up to you what to do with them. We can make you an offer on fixing them, but that all depends on the severity of the issue. You can also send the report to your web developers to inform them about the issues your site has, so they can fix them.
Why not use free software or scan it myself?
The software we use is professional and expensive to buy, and it requires professionals to do the scanning properly. Scanning safely takes a lot of time to master. We are experts who can do this job for you.
What happens if my site has an issue?
If your site has an issue you can either let us make an offer to fix it or contact your web developer to do this.
Are there any risks which will harm my website?
We run all our scans from our local servers. Scanning a website on a live system can seriously harm your website or ISP. An extra plus of scanning on a local server is that we can work much faster and keep our prices much lower than our competitors.