Kristof Kovacs

Software architect, consultant

Web application security audit services


IT security is one of the most important challenges of the 21st century. I can help you in the following ways:

Online security testing

Trying to get unauthorized access to your application using the same techniques attackers will use against it when it goes live. Includes trying to inject malformed or invalid inputs, reaching for supposedly unreachable parts (path traversal), breaking the flow of complex operations, and looking for possible openings for cross-site scripting or cross-site request forgery. Stress testing is optional.

Security testing usually takes about three to four hours of my time (for testing and writing the report) and one day of virtual machine time for the automated tests, but for now it requires an investment of only £79, as an introductory price.

Code review

Code review means searching for vulnerable parts in the program's code itself. Includes looking for vulnerable SQL statements, architecture review, looking for parts that can be called without authorization, points of remote file inclusion, and OS command executions.

Code review requires the investment equivalent of one day's work (£400), with exceptions for very small and very large codebases. The service also includes security testing, if the application is reachable over the Internet.

Building defensive systems

Configuration of firewalls and demilitarized zones, setting up Intrusion Detection Systems (IDS) and even virtual honeypots, on an hourly basis (£50/hr).
