A Security Review is a packaged 10-hour Ad-Hoc Consulting arrangement.
We can help you mitigate specific threats (e.g. "I don't want my email database stolen") or advise you on your current security status (e.g. "Am I susceptible to any of the OWASP Top 10 vulnerabilities?"). With our systems administration experience we can assess and harden servers from the outside (firewalls, HTTPS, remote access) through to the inside (logging, SELinux, webserver and PHP permissions, Java environment, authentication, and IDS).
If you require an assessment against a compliance standard, we can help. Security standards we are familiar with include PCI-DSS, ISM and OWASP ASVS, though we are willing to service most other information security standards (they generally cover the same material).
We do the following:
- Discuss with you whether there are any particular current concerns you'd like us to investigate.
- Arrange remote access to your servers that are relevant to the scope of assessment.
- Take a look around on the servers, at the OS level as well as at specific services such as MySQL and Apache / Lighttpd / Nginx.
- We report back to you on our findings, and prioritise work. There might be improvements/changes that should be implemented immediately (within the initial review timeframe), and some that can be addressed later (additional ad-hoc work, or over time within a subscription arrangement).
- We do the urgent work, as agreed in the prior step and within the agreed timeframe/cost.
- We review the gains with you, and discuss future steps and arrangements.
I Want It
Please pass us your details via our Support Inquiry form, and we'll get back to you!
For urgent issues see our Contact details - please note our terms below. We only handle one emergency case per client, ever - this is not negotiable. You may come in as an urgent case, but we really don't want you to stay that way.
Security Review Rate and Terms
- A Security Review is capped at 10 hours by default; we do what we can within the budget you set.
- See Open Query Pricing & Terms for current rates.
- Handling an emergency is NOT an Initial Review. Emergency work availability is not guaranteed (we greatly value our life outside work, and we prefer to focus on preventing fires rather than fighting them). Note: we only handle one emergency case per client, ever! You may come in as an urgent case, but we really don't want you to stay that way. Emergencies, if handled, are at the Unscheduled remote rate.
- We will invoice you after the initial review. You will pay promptly, or we may choose to not do further business with you. Yes, we do that, happy business relationships are important to us.