External security audit
Our security audits are very different from those you can find on the Internet. Because we have direct access to your servers, we are able to perform more comprehensive tests. We also include the standard and extended penetration tests offered by other security companies. Our advanced security audit includes an examination by a network security engineer, an application security engineer (ColdFusion, WordPress, etc.) and a database engineer (SQL, MySQL).
The first thing we do is limit access to ports, reducing the attack surface to its smallest point. Then we focus on the point that is susceptible, and make it look like it is somewhere else (CDN). We give the option to add WAF services, and secure the local server to the CDN. We do a follow-up penetration test and make sure that all ports are closed, unnecessary services are not running, and that TLS/SSL encryption is at its optimal level. We check for operating system updates, application patches, backups, antivirus, etc. We also investigate their log history and event viewers, and make sure they maintain a proper history.