Contact us
First Floor, 159 Victoria Pde, Collingwood, VIC 3066
1300 727 952 or +61 3 9910 4099
Security audit
Best practice audit to assess compliance with solutions for common security exploits and vulnerabilities. Includes a recommended remediation plan and high-level cost assessment.
Overview
Salsa’s security audits focus on best practice to optimise your website’s security. A ‘simple’ security audit package includes up to five custom modules (1,000 lines of code per module), 10 custom page templates, five content types, 1,000 lines across all client-side scripts, and zero integration points.
Cost: $7,410 +GST for a simple security audit package
Engagement process
Our engagement process is outlined below:
- Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high-level project brief) reflecting basic requirements and/or project key business drivers.
- Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.
- Project setup
- Environment setup and assessment tooling
- Run automated security tests
- Conduct manual security audit
- Produce security audit checklist report covering issues, criticality, recommendations and cost estimates for remediation
- Report handover and optional stakeholder presentation
The scope of a security audit includes:
- Backend custom code/module review for security coding standards, vulnerabilities and attack prevention
- Frontend client-side script review for security coding standards, vulnerabilities and attack prevention including (but not limited to) handling of user inputs to avoid SQL injection, filter functions to clean template variables, etc.
- Password security configuration and policy review
- Module security configuration review, including verifying standard security modules are installed and configured to be effective
- Security patch management workflow (PaaS): Review the process on how security patch announcements are monitored, notified, assessed, actioned, validated, deployed and documented
Outputs
After a security audit, you’ll receive:
- Checklist report including criticality indicator for critical, high priority, medium priority and low priority security findings
- Issue identification and/or potential areas of attention
- Recommendations and/or suggested remediations
- High-level costings on implementing suggested recommendations/remediations
Outcomes
- A clear understanding of your site’s risk profile and security compliance, with steps to mitigate any security vulnerabilities
Fixed price package
Item | Hours | Cost |
Setup cost | 6 hours | $1,170 +GST |
Security audit | 24 hours | $4,680 +GST |
Project governance | 8 hours | $1,560 +GST |
Totals (@ $195/h +GST) | 38 hours | $7,410 +GST |
Related news
What it takes to security certify a whole-of-government digital platform
Whole-of-government digital platforms must be appropriately secured to ensure that they protect data and ensure confidentiality, integrity and availability. Adoption of the platform and the platform’s ongoing success requires a security profile agencies can leverage. Salsa Digital and amazee.io delivered the platform, services, process and people for GovCMS 2.0. The solution needed to be security re-accredited from the ground up given the transformation of the GovCMS program. This was a significant undertaking.
Web applications security #1
This three-part blog series reviews and discusses the security of web applications. This first blog examines a secure process.
Web applications security #2 — Five steps to maintain passive security
This three-part blog series reviews and discusses the security of web applications. This blog looks at how to protect your web application from a variety of web-based attacks through passive security.
Security at every level
Our three-part blog series reviews and discusses the security of web applications. This third and final blog in the series looks at how to protect your web application from a variety of web-based attacks through active security.
Australia’s ‘Essential Eight’ for cyber security
The Australian Cyber Security Centre’s Essential Eight are eight measures the Australian Government recommends all organisations take to safeguard against cyber threats. The Essential Eight cover everything from application patching to multi-factor authentication.
How to improve website accessibility
Site accessibility is an important feature of any website, to make sure everyone can access your site. Below are some important accessibility issues to think about and some tips. The W3C’s Web Content Accessibility Guidelines (WCAG) provide an excellent standard, as does the DTA’s Digital Service Standard.
Related packages
Site audit
A site audit can help you identify issues, their causes and possible fixes. Salsa’s site audit investigates best practice in terms of architecture, development, performance, configuration and security.
Performance audit
A performance audit of your website identifies any issues and makes recommendations on how to fix the issues and optimise your site’s performance.