Security

We consider security to be critical for websites. Unfortunately, it's also the most neglected.

When a user enters data on your website, they're taking a risk.  They may be giving up their location, personal data, and even financial information under a presumption that you are taking care to protect their security.  In some cases, you may be legally obligated to do so.

Is your site secure?

There are various degrees of security, depending on the purpose of your website. If you have a blog that receives email addresses for newsletters, your security requirements will not be as extreme as a website that receives banking or medical information.

Every website, however, should have the basic security configurations in place: a strong TLS certificate, properly set and configured HTTP security headers, and the latest releases of third-party libraries, such as jQuery.

We check for these basics in our baseline audit of your site.

From this audit, we generate a report and an action plan detailing the issues and how to fix them. After the baseline audit, we can perform a deeper level of scanning if your site requires it.

Conceptually, envision our security audits as if they're for your home security. The baseline audit would be like us doing a walk around the perimeter, checking for the basics, like making sure your windows are shut, the porch lights have light bulbs, and your gate has a lock.

For more aggressive testing, and continuing with the real-estate analogy, we'll jiggle your doors and windows, try to figure out what type of security alarm you have, and see if we can figure out what valuables you may have without actually breaking in.

Penetration Testing

If we need to go further after a vulnerability assessment, we can enter a penetration testing engagement tailored to your organization.

Penetration testing is when we simulate a cyberattack on your system in a controlled manner. Our team conforms to the guidelines of the Penetration Testing Execution Standard.

This is a more involved service, so feel free to contact us to learn more about our penetration testing.

Secure email and shared encrypted file system

Espionage is a real problem, even if you don't hold materials of national security. Customer data, financials, and payment information are examples of data a cybercriminal would love to acquire, and sloppy security policy and open networks make that easy.

For inter-office communications and data storage, we can secure your intranet with an encrypted shared file system and encrypted email.

Compliance Assessment

Let us help make sure you're in compliance for your industry.

HIPAA

ADA (Guidelines)

HITECH

CCPA

PCI

FDIC

GDPR (EU)

ITAR

We know you have questions. We like to talk.

Ask us anything, anytime, without obligation.