Website Security Vulnerability Assessment

What is it?

A Website Security Vulnerability Assessment is the method for identifying security holes, flaws and weaknesses associated with your website. It is conducted using automated scanning software programmed to find application-layer vulnerabilities that would make the website vulnerable to attacks from hackers.

Why should I do it?

To see your website the way a hacker sees it. Conducting this assessment will show you any existing weaknesses that could be exploited to compromise your website and gain access to back-end support systems.

It is recognised as “best practice” for keeping up with application level threats and good security administration to meet ISO 27001 and United Kingdom Data Protection Act (DPA) compliance. Website application vulnerability scanning is also mandatory for compliance to the Payment Card Industry (PCI) Data Security Standard (DSS).

How often should I do it?

At least every three months and after any major changes. Quarterly scanning of websites that process, store or transmit cardholder data is mandatory for compliance to PCI DSS.

What will Risk Factory do?

• Identify security vulnerabilities associated with your website’s operating systems, services and applications.
• Test each of the vulnerabilities identified against our database of known threats and attacks.
• Conduct an assessment to meet PCI, DPA or ISO compliance requirements (select at checkout).

What will I receive?

• A comprehensive report of the findings detailing a straight-forward explanation of each vulnerability identified and our cost-effective recommendations for mitigating each vulnerability. For a sample report please contact Risk Factory.
• On-call telephonic support from an information security consultant for two weeks after the assessment to answer any questions you may have about the report or remedial recommendations.
• A free re-assessment scan two weeks after the original scan to ensure recommended remedial actions were effective in mitigating the vulnerabilities originally identified.
• A certificate of validation for evidence of compliance.

Do I need to prepare anything in advance?

We just need the address; the Uniform Resource Locator (URL) of the website you need us to test. If you don’t know the address, don’t panic our Factory Foreman can help you.

Also, don’t forget to specify the exact number (quantity) of assessments you’d like to purchase when getting your quote. Our Factory Foreman will call you to schedule each assessment purchased. You can for example, purchase multiple assessments (for better value) and get them delivered over time when you need them to match your ongoing business requirements.