Overview
Salsa’s security audits focus on best practice to optimise your website’s security. A ‘simple’ security audit package includes up to five custom modules, 1,000 lines of code per module, 10 custom page templates, five content types, 1,000 lines across all client-side scripts, and zero integration points.
Cost: $7,410 +GST for a simple security audit package
Engagement process
Our engagement process is outlined below:
- Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high-level project brief) reflecting basic requirements and/or key business drivers for the project.
- Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.
- Project setup
- Environment setup and assessment tooling
- Run automated security tests
- Conduct manual security audit
- Produce security audit checklist report covering issues, criticality, recommendations and cost estimates for remediation
- Report handover and optional stakeholder presentation
The scope of a security audit includes:
- Backend custom code/module review for security coding standards, vulnerabilities and attack prevention
- Frontend client-side script review for security coding standards, vulnerabilities and attack prevention including (but not limited to) handling of user inputs to avoid SQL injection, filter functions to clean template variables, etc.
- Password security configuration and policy review
- Module security configuration review, including verifying standard security modules are installed and configured to be effective
- Security patch management workflow (PaaS): review of how security patch announcements are monitored, notified, assessed, actioned, validated, deployed and documented
Outputs
After a security audit, you’ll receive:
- Checklist report including criticality indicator for critical, high priority, medium priority and low priority security findings
- Issue identification and/or potential areas of attention
- Recommendations and/or suggested remediations
- High-level costings on implementing suggested recommendations/remediations
Outcomes
- A clear understanding of your site’s risk profile and security compliance, with steps to mitigate any security vulnerabilities
Fixed price package
| Item | Hours | Cost |
| --- | --- | --- |
| Setup cost | 6 hours | $1,170 +GST |
| Security audit | 24 hours | $4,680 +GST |
| Project governance | 8 hours | $1,560 +GST |
| Totals (@ $195/h +GST) | 38 hours | $7,410 +GST |