Cybersecurity Audit


We complete a 25-point evaluation of the security of your web application.

We audit and measure how your website adheres to the following cybersecurity best practices:

  1. Look for evidence that backups are being made of your site.

  2. Verify that your site is running on a Linux server environment.

  3. Look for known web server security issues.

  4. Look for publicly available backups that might contain sensitive site information.

  5. Evaluate that your site is being backed up adequately.

  6. Look to see that the site has an SSL certificate installed and configured correctly.

  7. Look for evidence of credit card information stored on your site or in your database.

  8. Check to see that file and directory permissions appear to be set correctly.

  9. Look to see that the server is running an updated version of PHP.

  10. Look for suspicious cron jobs.

  11. Look for evidence of cloud-based WAF breaking encryption.

  12. Evaluate whether the hosting panel password is strong and appears to be unique from other passwords.

  13. Check to see if the FTP password is strong and appears to be unique from other passwords.

  14. Check to see if the site is using SFTP to ensure secure file transfers.

  15. Check to see if the site has SSH secured or disabled.

  16. Check for any .my.cnf files in your hosting account containing sensitive credentials.

  17. Look for extra MySQL database users.

  18. Ensure the MySQL database user has appropriate permissions to access and modify the database.

  19. Evaluate the MySQL database user’s password.

  20. Look for remote database access capabilities on your site.

  21. Review the site code to look for any extraneous database connections.

  22. Determine if the host’s version of PhpMyAdmin does not have security issues.

  23. Check to see if database tables require optimization.

  24. Ensure that the database version is adequately updated.

  25. Review email blacklists to ensure your site is not listed.