Web application security audit services
IT security is one of most important challenges of the XXI. century. I can help you the following ways:
Online security testing
Trying to get unauthorized access using the same techniques attackers will use against it when it goes live. Includes trying to inject malformed or invalid inputs, reaching for supposedly unreachable parts (path traversal), breaking the flow of complex operations, and looking for possible openings for cross-site scripting or cross-site request forgery; with optional stress testing.
Security testing usually takes about three to four hour of my time (for testing and writing the report) and one day virtual machine time for the automated tests, but for now, it only requires an investment of only £79, as an introductory price.
Code review means searching for vulnerable parts in the program's code itself. Includes looking for vulnerable SQL statements, architecture review, looking for parts that can be called without authorization, points of remote file inclusion, and OS command executions.
Code review requires the investment equivalent of one day's work (£400), with exceptions for very small and very large codebases. The service also includes security testing, if the application is reachable over the Internet.
Building defensive systems
Configuration of firewalls and demilitarized zones, setting up Instrusion Detection Systems (IDS) and even virtual honeypots, on an hourly basis (£60/hr).