If you need a site security audit or want to find out more, please contact us for further information. Our website provides comprehensive information to answer your questions. We provide a secure, safe and controlled environment for your website and all your assets, including your customers and clients.
The first step of our Site Audit is to identify a potential issue with your website and take steps to resolve it. We will then present the issue to a customer service team who will provide you with a solution that addresses the issues identified and ensures better overall security for your site.
The next step of your Website Security Audit is to examine all aspects of your site, both the user areas and the security aspects. To do this, we use a number of tools, including the XSS Filter, XSRF Scanner, HTTP Headers Scanner and URL Reverse Search.
Once we have identified an issue with the security of your site, we run a series of tests using the XSS Filter to check whether it is affecting any of the areas of your website. The list of tests that we use is:
When you run a test against a file, you will find whether it is affected by the XSS Filter. The next step in our Website Security Audit is to run an XSRF Scanner, which will examine the XSRF headers on each of your website pages.
The XSRF is an XML Internet Protocol, which can be used by hackers to steal your information and can be used for phishing. The XSRF works by sending you an HTTP request that contains the XSRF header; when your browser interprets this, you should see a change to the document you are attempting to open, which has been affected by the XSRF attack.
The URL Reverse Search tool is very useful and allows us to search for any URL on the Internet which has been affected by XSS or any other security threat to your site. We then run a list of these IP addresses with a special XSS Filter so that we can run a URL Reverse Search against each one to identify the sites that pose a high risk to our customers’ security and remove them from our list.
After we have identified a URL Reverse Search, we will run a series of tests against these websites to determine whether or not they are vulnerable to XSS attacks. In some cases we will identify several sites that have vulnerabilities, to ensure that you are able to fix them as soon as possible.
Once we have identified the websites that have XSS vulnerabilities, we will run a series of tests to make sure that we have identified the vulnerability on each page of the website. We then run a URL Reverse Search against each one of the pages so that we can run a full scan against each one, to make sure that none of the XSS was injected into the page in the way that was identified. We then check for the existence of an XSS header on each page and check whether there is an XSS payload within the code of the page.
The results of these tests will allow us to see how many XSS payloads are contained within the HTML and whether or not the XSS Filter that we have used is blocking all of the payloads. Finally, we will run a series of tests to determine which XSS payload was being injected into the page and then remove it from the page.
Our final step will be to reinstate all of our previous findings about each of the websites to ensure that our site is secure. The final step will also confirm that your website is secure.
To complete our Website Security Audit, we will then run a URL Reverse Search against each website. If the tests that we conduct are successful, then we should not receive any further requests from any of the XSS attackers.