Website Security Health Check

Our unique website health check service has been developed specifically for small and medium enterprises (SMEs) to help identify and fix vulnerabilities in your website:

  • Find and fix vulnerabilities in your website
  • Prevent business impact and reputational damage
  • Backed by the world’s largest continually updated library of vulnerability and configuration checks
  • Reliable reporting and mitigation advice
  • Simple to set up and no interruption to service

Fixed price per website

Your website is important to your brand and reputation, but is it secure?

Why website security is important for your business

Your website showcases your brand to the world. If it is compromised, both revenue and reputation are at risk.

  • Why spend thousands developing a website to showcase your brand and not protect your investment?
  • What happens if a hacker targets your website?
  • How would you recover your website?
  • Who would you call?
  • How can you best protect your business?

Why would a hacker be interested in my website? 

Most attacks don’t target businesses directly; automated processes seek victims with weak security regardless of industry, size or status. Often smaller businesses are a soft target for the attacker whose motivation is to access your website and host malicious activities.
It is vital for an attacker to remain undetected, so you could be compromised for quite some time without knowing.  

How do websites get compromised? 

Attackers know about vulnerabilities in common platforms, such as WordPress, Drupal, Umbraco, etc. These can range from technical exploits to simple password guessing attacks. Rather than attacking specific sites, they set their net wide and scan the Internet for targets matching the vulnerabilities they have exploits for.  

Isn’t everything secure by default? 

Sadly, no. As the Internet and technology have evolved, very few platforms and solutions are identical. This gives attackers many potential avenues to explore, especially if you are using older versions of technology.

What is the impact to me? 

Even if you don’t take payments or hold sensitive data, a compromise will have a financial impact in both recovery time and costs as well as reputational impact. Reacting to a breach can be stressful and finding people to help at short notice is very expensive.  

How do you test a website's security?

At RM Information Security, we have years of experience carrying out manual security assessments of all types of websites and technologies. This is commonly referred to as Penetration Testing. We are usually engaged by large enterprises where we use a mixture of tools, custom scripts, manual techniques and our 20+ years of IT experience to test for weaknesses and then provide recommendations on how to improve security.  

Is it expensive? 

No!
Penetration testing is expensive; however, building on our corporate experience, we have designed a service called “Website Security Health Check”, focused on smaller businesses, to provide a good level of security at an accessible price.

How does it work? 

Provide us with your URL and complete our simple order form to authorise the test. The testing is automated and usually takes around a day. Once it is completed, our consultants will collate, review and securely send you the report.

Improve your security 

The true value of the health check is realised when you implement the recommendations and improve the security of your business. Our reports include detailed descriptions of any findings and we are always available to support you via our dedicated help desk.  



Bringing the power of penetration testing to small business

RM have carefully automated our state-of-the-art penetration testing process, delivering huge value to small and medium enterprises at an accessible price.

  • Uses advanced logic to automate the actions of a manual penetration tester
  • Good performance against common vulnerabilities such as the OWASP Top 10
  • Backed by the world’s largest continually updated library of vulnerability and configuration checks

Vulnerabilities are identified based on functionality in the following areas:  

  • Authentication
  • Authorisation
  • Business logic
  • Configuration
  • Cryptography
  • Information disclosure
  • Input validation
  • Insecure functionality
  • Session management

RM Information Security has chosen Tigerscheme as its preferred certification for penetration testing.  

Tigerscheme was founded in 2007, on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring in a recognised and reputable company.  

Tigerscheme qualifications are recognised by CESG, as the National Technical Authority for Information Assurance in the UK, as technically equivalent to the most senior examination level for penetration testing (CHECK Scheme Team Leaders). The scheme is also run independently with a rigorous examination process.  





Reliable reporting and mitigation advice

Clear and concise reporting

Our reports compare vulnerabilities in a meaningful way that makes your life easier when fixing the problems. We consider the overall risk profile based on Common Vulnerability Scoring System ratings (CVSS - http://www.first.org/cvss/).

Technical summary

This section is of great importance to the remediation planning that follows the test. It contains a table of vulnerabilities in order of risk, including:

  • Rating - Critical, High, Medium, Low and Informational
  • Reference number
  • Vulnerability name
  • Short mitigation

Detailed technical findings

Technical findings include:

  • Rating - Critical, High, Medium, Low and Informational
  • Reference number
  • Vulnerability class
  • OWASP reference (where applicable)



Clear, detailed text describes the findings and systems affected, and may include example code snippets or relevant technical examples that allow the issue to be easily replicated.


Technical recommendations to mitigate the finding will include relevant external references such as OWASP good practice guides, whitepapers and other technical references. Where fixes are not available, alternative workarounds will be suggested.


ADDRESS
Peter House
Oxford Street
Manchester
M1 5AN

© RM Information Security Limited 2017.
All rights reserved.

CONTACT
Email: info@rminfosec.co.uk
Phone: +44 (0) 161 209 3939