Ecommerce Security Audit Basic Plan: This is a basic security audit service that identifies vulnerabilities like cross-site scripting, guessable credentials, unattended application security flaws and other misconfigurations.
Under this plan, security experts will audit your eCommerce store against general security guidelines and will find out vulnerabilities and logical flaws. The key focus of this plan is to find out possible misconfigurations and loopholes in your eCommerce store.
Ecommerce Security Audit Basic Plan Includes -
- Checks misconfigured HTTP headers.
- Checks session and cookies handling.
- Identifies platform specific known vulnerabilities.
- Checks cryptographic algorithms.
- Evaluation of server fingerprinting.
- Evaluation of SSL ciphers and protocols.
- Evaluation of network ports and protocols.
- Check against password brute force.
- This service requires a website URL.
- No aggressive scanning would be performed.
- If the website is in production mode, we recommend customers to provide the staging website, else customers can provide the time window of least traffic hours when a website has minimum to zero traffic to avoid the impact of audit on the business.
- After the audit, a report listing vulnerabilities and recommendations will be shared with the customer only.
- Since this service does not involve aggressive methodologies, it will not cover in-depth.
- security assessments and penetration testing.
- No bug fixing and security patching will be included in this service.
- Security vulnerabilities identified will be presented to the customer and will ensure that risk has been addressed.
- Any vulnerability which may have been discovered or any public exploit made available after sharing of report does not come under this audit.
- Due to the nature of security testing, the lack of discoverable flaws and loopholes does not mean the software is fully secure.
- After sharing of report, any changes in configuration, infrastructure or any update applied on host at software/hardware level that may cause security impact on system, invalidates the submitted findings of the report.
- The way of finding vulnerabilities may not be representing all the possibilities, although this service tries to cover the major ones.
- This module will audit the website only against the listed features of this plan.
For any query or issue please create a support ticket here http://webkul.uvdesk.com/