GovCMS security audit services

Best practice audit to assess compliance with solutions for common security exploits and vulnerabilities, includes recommended remediation plan and high level cost assessment.

Relates to

GovCMS, Drupal
Discovery & strategy, Technical advisory
Web development
Technologist

Overview

Salsa’s security audits focus on best practice to optimise your website’s security. A ‘simple’ security audit package includes up to five custom modules, 1,000 code lines (each per module), 10 custom page templates, five content types, 1,000 lines of all client-side scripts, and zero integration points.

Cost: $7,410 +GST for a simple security audit package

Engagement process

Our engagement process is outlined below:

  1. Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high level project brief) reflecting basic requirements and/or project key business drivers.

  2. Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.

  3. Project setup

  4. Environment setup and assessment tooling

  5. Run automated security tests

  6. Conduct manual security audit

  7. Produce security audit checklist report covering issues, criticality, recommendations and cost estimates for remediation

  8. Report handover and optional stakeholder presentation

The scope of a security audit includes:

  1. Backend custom code/module review for security coding standards, vulnerabilities and attack prevention

  2. Frontend client-side script review for security coding standards, vulnerabilities and attack prevention including (but not limited to) handling of user inputs to avoid SQL injection, filter functions to clean template variables, etc.

  3. Password security configuration and policy review

  4. Module security configuration review, including verifying standard security modules are installed and configured to be effective

  5. Security patch management workflow (PaaS) — Review the process on how security patch announcements are monitored, notified, assessed, actioned, validated, deployed and documented

Outputs

After a security audit, you’ll receive:

  1. Checklist report including criticality indicator for critical, high priority, medium priority and low priority security findings

  2. Issue identification and/or potential areas of attention

  3. Recommendations and/or suggested remediations

  4. High level costings on implementing suggested recommendations/remediations

Outcomes

  • A clear understanding of your site’s risk profile and security compliance, with steps to mitigate any security vulnerabilities

Fixed price package

Item Hours Cost
Setup cost 6 hours $1,170 +GST
Security audit 24 hours $4,680 +GST
Project governance 8 hours $1,560 +GST
Totals (@ $195/h +GST) 38 hours $7,410 +GST

Related links

Get in touch

Click the contact us button below or call us on 1300 727 952 or +61 3 9910 4099 to discuss how our services can help you. 

Contact us