Audit It
Our Home Page Sign Up for a Web site evaluation The Web site Evaluation process Why professional Web site analysis helps you Insights into online success The Auditit Team's Experience Get in touch with Auditit
Services
Is your site suitable for public consumption
Sign up now for a Web Site Audit
Read useful Web Site Evaluation Articles
BRIEFS AND SPECS
So you've decided that your Web site needs an overhaul. Before you start work, however, you and your Web design firm need to do a bit of planning.
More>
Join the Auditit Affiliate Program
Join the Audit It Affiliates program and earn $200 for every person you send us that signs up.
More>
Web Site Evaluation Facts that Matter
4% of dissatisfied customers will get in touch. 96% will simply go elsewhere. (WebPartner.com White Paper)
Sign up for our EBusiness Newsletter
Useful Web Site Auditing Links
Checking the Locks

An AuditIt Security Audit Report is based on a set of tools updated daily that reflect the latest in cyber-vandal/hacker technology. AuditIt uses those tools to check your Web site’s locks and recommends where you need to change the locks. 

Protecting Your Web Investment

Can you be sure be sure that your Web site investment is safe from unwanted, damaging and expensive exploitation?

Your Web site is at risk from unscrupulous elements in the Web community, just as your house or office is at risk from criminal elements in the wider community.  You need to check that the locks you have in place will actually stop cyber-burglars and cyber-vandals gaining access to your Web site.

You need a detailed security audit for the same reason you need a Web site audit report . Why? Because your team can’t see your Web site’s weaknesses as clearly and objectively as an independent third party.

AuditIt Security Audit Reports

AuditIt has adapted the most comprehensive security checking tool available online to provide you with a detailed assessment of your Web site’s vulnerability to hackers. The process is simple: we test whether your site is vulnerable to hackers by using their knowledge to your advantage.

Nessus [http://www.nessus.org/intro.html] provides us with a constantly updated list of exploitable security holes. We test your site to see if your site leaves these holes uncovered. We then identify uncovered holes and how to plug/patch them in a detailed report. 

Your AuditIt Security Audit Report is only US$200.00 (or US$5100 if produced in tandem with a Web Site Audit Report):
Sign up Here

The Value of a Security Audit

  • AuditIt effectively simulates an attack by the most sophisticated hacker. We test for the latest security vulnerabilities not well known ones.
  • We offer a perspective that your in-house team cannot offer: an external view of your network.
  • We test for the full ranges of vulnerabilities from mail server vulnerabilities to gaps in firewalls: all your locks are checked.
  • We use the bad guys’ tools to protect you from them (e.g. Nmap, which we use as a port scanning tool, is the port scanner of choice for hackers).
The Security Audit Process in Detail

The first step in the process is to gain a clear picture of the technological characteristics of your network. To do this we port scan your server using Nmap (http://www.insecure.org/nmap/). Nmap uses raw IP packets in novel ways to determine:

  • what hosts are available on your network,
  • what services (ports) they are offering,
  • what operating system (and version of that operating system) you are running,
  • what type of packet filters/firewalls are in place
  • and dozens of other characteristics.

This information gives AuditIt a clear picture of how your Web site/network is put together and protected. We then test the server against our database of potential exploits possible for the open ports, software and Operating System found on your server.

For Example: Imagine, AuditIt is checking whether your Web site is vulnerable to the well known "Code Red" virus. 

  1. Our port scan tells us whether your site is possibly vulnerable to Code Red.
  2. AuditIt simulates the virus attack: checking for the presence of certain files, or open ports in exactly the same way the virus would.
  3. If we find that your server is vulnerable to Code Red’s method of attack, rather than infecting the server, we add this vulnerability to our report.
  4. The report you receive will alert you to this vulnerability and suggest how to repair the security defect, offering links to relevant patches, and more information.

Please be aware that testing can take some time. Depending on what software and operating system you have running on your server, AuditIt may need need to perform well over 650 test to complete your security report.

Minimizing Risks

Testing for exploits can be risky. Security probes may adversely affect your web server. We are, afterall, attempting exactly the same tactics used by hackers to gain access to your server. But AuditIt takes steps to minimize this risk:

  • AuditIt will only test for one vulnerability at a time. There is a 15 second delay before we perform the next test. This minimizes stress on your web server or network.
  • The tools we use, Nessus and Nmap, are widely used and rarely impact on the server that is being tested.
  • All destructive tests (e.g. Denial of Service attack) are not performed.

Contact us securityaudits@auditit.com to discuss further concerns.

  © 2003 WebAudits LLC - All Rights Reserved - Legal  -  Privacy Policy