The Ecommerce Security Audit Basic Plan is a basic security audit service that identifies vulnerabilities like cross-site scripting, guessable credentials, unattended application security flaws, and other misconfigurations. Under this plan, security experts audit your eCommerce store against general security guidelines and, as a result, identify vulnerabilities and logical flaws. The key focus of this plan is to find possible misconfigurations and loopholes in your eCommerce store.
Customer privacy is our topmost concern. The company will keep the customer’s information confidential and limited to itself throughout the process.
Features provided by the Plan –
- Checks misconfigured HTTP headers.
- Checks session and cookies handling.
- Identifies platform-specific known vulnerabilities.
- Checks cryptographic algorithms.
- Evaluation of server fingerprinting.
- Evaluation of SSL ciphers and protocols.
- Evaluation of network ports and protocols.
- Checks against password brute force.
Noteworthy Points To Remember –
- This service requires a website URL.
- No aggressive scanning will be performed.
- If the website is in production mode, we recommend that customers provide the staging website; otherwise, customers can provide a time window of least traffic hours, when the website has minimum to zero traffic, to avoid the impact of the audit on the business.
- After the audit, a report listing vulnerabilities and recommendations will be shared with the customer only.
- Since this service does not involve aggressive methodologies, it will not cover in-depth security assessments and penetration testing.
- No bug fixing and security patching will be included in this service.
- Identified security vulnerabilities will be presented to the customer, and it will be ensured that the risk has been addressed.
- Any vulnerability discovered, or any public exploit made available, after the report is shared does not come under this audit.
- Due to the nature of security testing, the lack of discoverable flaws and loopholes does not mean the software is fully secure.
- After the report is shared, any change in configuration or infrastructure, or any update applied to the host at the software/hardware level, that may have a security impact on the system invalidates the submitted findings of the report.
- The methods used to find vulnerabilities may not represent all the possibilities, although this service tries to cover the major ones.
- This module will audit the website only against the listed features of this plan.
FAQs for Ecommerce Security Audit Basic Plan –
What is Ecommerce Security Audit Basic Plan?
The Ecommerce Security Audit Basic Plan identifies vulnerabilities like cross-site scripting, guessable credentials, unattended application security flaws, and other misconfigurations. Security experts audit your eCommerce store against general security guidelines and, as a result, identify vulnerabilities and logical flaws. The key focus of this plan is to find possible misconfigurations and loopholes in your eCommerce store.
Does this plan include the OWASP Top 10?
This service covers only a few of them.
Do I need to provide server credentials for the audit?
Not mandatory. This plan requires the website URL only. However, read-only SSH credentials will help the security experts in their analysis.
My website is in production mode, could this audit service cause an adverse impact on my website and business?
For the audit, a staging website is mainly preferred; otherwise, the customer can provide a time window of least traffic hours, when the production website has minimum to zero traffic, to avoid the impact of the audit on the business. In this way, the audit will not affect your business.
Does the audit involve all security patches?
No patches will be applied; only suggestions will be provided in the report.
Once I have fixed the issues, does revalidation of the issues include extra cost?
No, there will not be any revalidation cost for the issues listed in the audit report. Revalidation should not be considered a reaudit, as only those issues that were already pointed out in the previous report will be validated.
Does this service cover PCI DSS or any other compliance compatibility?
No, this is a general security audit service.
How can I communicate with you?
The mode of communication will be ticket and email only. To create a ticket, refer to this link: https://webkul.uvdesk.com/en/customer/create-ticket/
That’s all about the Ecommerce Security Audit Basic Plan.
Thank you for reading this blog!
For more interesting blogs, keep in touch with us. If you need any kind of support, simply raise a ticket at https://webkul.uvdesk.com/en/.