Security and penetration testing

We check your website and your hosting environment for known security problems and configuration errors, either as a one-off or as a regular service. If we find vulnerabilities or configuration errors, we will help you fix them if necessary.

This offer includes the following components.

Security checks

Server check

We check the basic configuration of your server

HTTP header

HTTP headers are used to protect against phishing and XSS attacks

CVE (Common Vulnerabilities and Exposures)

We check your system for common vulnerabilities and exposures

HTTPS configuration

We check whether the HTTPS encryption of your site has been set up correctly

SQL injections

We check your forms and interactive applications for SQL injection vulnerabilities

Cross-site scripting (XSS)

We check your forms and interactive applications for XSS vulnerabilities

HTTP header

HTTP headers control, among other things, the following security-relevant basics of a page:

  • Which scripts may be executed
  • Which sources elements such as scripts, stylesheets, videos or images may be loaded from (basic protection against phishing)
  • Where the page may be embedded
  • Cookie settings
  • What information about your visitors is passed on to other sites (e.g. after clicking on a link to an external site such as Facebook or Instagram)

The following list shows the most important HTTP headers:

Basic server check

We check the basic settings of your server:

  • Open ports: Are only the necessary ports really open? For a web server, we recommend exposing only ports 80 and 443, which are necessary to access the website. No other ports should be open to public access.
  • HTTPS: Is a connection only possible via HTTPS? Unencrypted connections are considered a security risk and should be avoided.

CVE (Common Vulnerabilities and Exposures)

If known security vulnerabilities are not patched promptly or the corresponding libraries are not updated, an affected system must be considered insecure. Security vulnerabilities exist in all software, whether it is the operating system, the SSH service, the web server, backend languages (Java, PHP, Python, Perl), databases or frontend libraries (jQuery, React, Angular, Vue, ...).

We check your website for known vulnerabilities (CVEs) and help to eliminate them.

Standard configurations

Many default settings, e.g. of web servers, enable attackers not only to gather information but also to carry out targeted attacks. These include unmodified default passwords, readable configuration files or readable directory contents.

We check these default settings for common web servers and create a list of suggested changes.

SQL injection

When data is transferred from forms to servers and stored in databases, for example, there is a risk of manipulation. If the data is not sufficiently validated, attackers can manipulate it in such a way that any content can be read from the database. It is also possible to manipulate or completely delete data.

This method of attack is called SQL injection.

We check whether SQL injection is possible for individual applications and help to eliminate it.

Cross-site scripting attacks

If data from forms or URLs is not validated correctly, attackers can manipulate the content of websites. This ranges from simple text changes to the complete replacement of all content. It is then possible, for example, to trick visitors into entering private data or to spread misinformation.

We check individual pages for the possibility of XSS attacks and help to eliminate them.

HTTPS configuration

We check how good the HTTPS configuration of your website is and help with optimization if necessary.

Only well-configured encryption offers you and your visitors sufficient security.

Offers

Single Check

Check the configuration of a website and a server

249 /One-time
Request
  • Server-check
  • HTTP-Header check
  • CVE check
  • HTTPS configuration

Cross-Site-Scripting (XSS) + Phishing

Check an application for Cross-Site-Scripting

199 /One-time
Request
  • Form XSS check
  • Removal support

SQL-Injections and database security

Check an application for SQL-injections

199 /One-time
Request
  • SQL-Injection check
  • Removal support

Get in contact

Your name
Your email address
Your message to us