Website Security Services - Secure Your Website and Be Safe With Our 30 Point Security Package and Annual Security Audit.

Website Security Services - Secure Your Website and Be Safe With Our 30 Point Security Package and Annual Security Audit. 

 

 

Website Security Risk Assessments

Given how difficult it can be to identify and keep up with all of the security vulnerabilities that websites can incur, it is critical to have regular and frequent security assessments performed by a knowledgeable team. Become proactive instead of reactive to the security concerns of the day with the 911WEBSITEREPAIR.com 30 Point Security Risk Assessment.service. 

There are several service plans to select, Basic, Standard, Premium and Gold. These packages are only available for websites hosted on Shared Hosting Solutions. Service level pricing is based on number of tasks performed and the time needed to perform those tasks. 911WEBSITEREPAIR.com will prioritize which tasks are to be performed based on the severity of the security risk the issues present to your website. 

For Virtual and Dedicated server service, 911WEBSITEREPAIR.com offers a full service plan by quote only.

Then once a year we will perform an Annual Security Audit and send you a report for further security measures that you may need to take to guard your website against any new vulnerability. 

 

 

note: the Secure-A-Site packages does not include the PCI-DSS audit services.

---

 

 

Tasks will be prioritized in your website security report and the tasks to be performed will be selected from the following list as needed.

1) Secure against direct access
2) Secure against remote file inclusion
3) Secure against SQL injections attacks
4) Secure against Cross Site Scripting XSS
5) Secure register_globals
6) Check access privileges of users
7) Raw component output (for pictures, RSS-feeds etc.)
8) Add security announcements feed to their admin panels (joomla)
9) Uninstall all unused templates/modules/components/plug ins
10) Use a htaccess file to password protect administrator area of your site
11) Move configuration.php file to a folder with a unique name.
12) Recommend secure hosting solution with PHPsu or PHPsuexec installed
13) change the name of the default admin user
14) turn off RG_EMULATION
15) Directory Traversal
16) Vandalism and Hacking
17) Form Tampering and Spoofing
18) HTTP Sniffing
19) Disable directory browsing.
20) Configuration files held securely and read-only where possible
21) Turn off error reporting in PHP – use error logs instead
22) Basic validation of requests to run scripts
23) Release notes, install logs, etc. deleted.
24) Insure Form and URL input always validated (especially where SQL commands are involved or the data entered will be displayed on a dynamic web page)
25) Enable Server Side Processing wherever possible
26 ) Ensure Cookies only used to hold session IDs or tokens – no personal data
27) Disable the HTTP TRACE option (using mod_rewrite if necessary – eg. on shared server)
28) Ensure SSL is properly enable (only if previously installed)
29) Use mod_security
30) Provide recommendations and quote for more complicated websites and security efforts that are outside of the scope of this package..

 

---

 

note: All security services are performed on a "Best Efforts Basis" only and in no way can we insure that a site is ever completely secure and hardened to hacking and other security vulnerabilites. All work performed is based on the industry best security practices and the known vulnerabilities and hardening techniques available and in use at the time of implementation of our security services.