Security Audits
The security of software is often a secondary priority in software projects.
However, the internet today is an arena with fully-automated hacking software
which will visit millions of websites, trying to find known and unknown holes
in the software.
If you have a website which you use professionally, you don't wany any
surprises. A hacker causing problems can affect your earnings and scare away
your visitors. At best, your website is temporarily out of order,
disappointing your clients and some of them leaving permanently. In the worst
case, your data and that of your client is out on the street and your
hard-earned trust and reputation is damaged.
Alas, security is a skill that not every developer has honed. The perfect
developer will both watch for features as well as security, however there is
many a programmer that has a talent for what the client drives and is unable
to spend enough attention on security. The issue remains in the back of the
head and is not examined thoroughly enough.
An example of the effects. An entrepreneur approached us with the story that his
project, the building of a website, had entered the final phase. During
testing, it was discovered that strange pieces of code were injected in pages
of the website. Each piece would act as a bootstrap for another, possible
malign piece of code which would be retrieved from another website. The
problem was that the website was planned to go live very soon. Weeks ago,
suppliers and customers were informed of the go-live date and on the reserved
domain, a countdown was prominently displayed. However in the current
situation it was clear that the countdown would have to be stopped.
In short time, an analysis was made of the cause of the hack and immediately
took measures to prevent a second attack. Our experience told us that one
vulnerability is usually just the tip of the iceberg, so the complete
environment was scrutinized from top to bottom.
Our customer was informed that the risks now were minimized and that the
software could be put online. He did not have to call off the festivities and
the go-live date went as planned!
The above situation is not one you'd want yourself found. We offer a service
that minimizes the chance of a hack into your servers and software. For a
fixed price, we can audit both your Linux servers as well as your PHP or
Perl-based software. We start by presenting a detailed checklist of the things
we will look at and when done, extensive reporting will tell you exactly what
measures to take. We can communicate with your regular software supplier so
any issues can be fixed when you receive our report.
In the past we also found the original software supplier unwilling or unable
to fix the issues mentioned. This need not be a problem -- with pleasure we
can provide you with a quote to get you running safe and secure!