Ecommerce Security Audit Basic Plan Includes -

• Checks misconfigured HTTP headers.
• Checks session and cookies handling.
• Identifies platform specific known vulnerabilities.
• Checks cryptographic algorithms.
• Evaluation of server fingerprinting.
• Evaluation of SSL ciphers and protocols.
• Evaluation of network ports and protocols.
• Check against password brute force.

Noteworthy Points:

• This service requires a website URL.
• No aggressive scanning would be performed.
• If the website is in production mode, we recommend customers to provide the staging website, else customers can provide the time window of least traffic hours when a website has minimum to zero traffic to avoid the impact of audit on the business.
• After the audit, a report listing vulnerabilities and recommendations will be shared with the customer only.
• Since this service does not involve aggressive methodologies, it will not cover in-depth.
• security assessments and penetration testing.
• No bug fixing and security patching will be included in this service.
• Security vulnerabilities identified will be presented to the customer and will ensure that risk has been addressed.
• Any vulnerability which may have been discovered or any public exploit made available after sharing of report does not come under this audit.
• Due to the nature of security testing, the lack of discoverable flaws and loopholes does not mean the software is fully secure.
• After sharing of report, any changes in configuration, infrastructure or any update applied on host at software/hardware level that may cause security impact on system, invalidates the submitted findings of the report.
• The way of finding vulnerabilities may not be representing all the possibilities, although this service tries to cover the major ones.
• This module will audit the website only against the listed features of this plan.

Support -

For any query or issue please create a support ticket here http://webkul.uvdesk.com/