
What is the point of a Drupal security audit?

Published on 12 February 2016

Heavily exposed to attacks, websites and web applications are vulnerable tools if security is not ensured. Drupal is no exception. To avoid risks, and especially costly emergency interventions, we offer you a security audit that will allow you to continue using your site with peace of mind and implement best practices for preventive maintenance.

A security audit: What’s the point?

SQL injection, broken authentication and session management, XSS vulnerabilities, insecure direct object references, sensitive data exposure, CSRF attacks: the long list of security weaknesses shows that website security is essential to a site's viability. Yet many sites remain at risk due to missed security updates.

Conducted by our Drupal experts, the security audit is a system and application review of your Drupal site aimed at ensuring best practices and platform security. The security audit consists of several intervention stages that help identify existing security vulnerabilities in your Drupal site or application and recommend suitable security solutions.

The process

The analyses performed include:

  • Temporarily migrating the site and data to our development environment;
  • Checking configurations;
  • Checking custom scripts;
  • Listing active modules;
  • Using Drupal tools to check the integrity of Core and contributed modules (which we will need to update regularly);
  • Verifying the necessary PHP modules for site operation - Hacked Module;
  • Reviewing custom code, checking Drupal development standards and the temporary directory;
  • Analyzing file system access policies and application-level partitioning settings;
  • Analyzing server settings (Apache/Nginx/Varnish, firewall, PHP, etc.).

After the audit

The security audit includes analysis and documentation of security vulnerabilities as well as protection measures for your platform. Thus, you will receive two recommendation documents listing the tools needed to secure the platform and the recommended configurations:

  • An audit report describing the tests and their results;
  • A technical appendix with the recommended configurations.

Security audit cost
The security audit takes 2 days and is estimated at €975 excluding tax.
