Fast, affordable website security checks for small businesses.
We manually test your website for common vulnerabilities and deliver a simple report with clear, actionable fixes.
Key areas we cover
- HTTPS/HSTS & security headers (CSP starter, Referrer-Policy, X-Frame-Options)
- Authentication & session hygiene
- Access control basics & simple IDOR checks
- CSRF protection on sensitive actions
- File upload checks (type/size/path) on forms or CMS
- CORS sanity & exposure sweep (.git/.env/backups)
- Admin hardening & rate limits
- CMS/plugin hygiene
Sample report (snippet)
Risk: HIGH — Missing Content Security Policy (CSP)
Impact: XSS from 3rd-party widgets could steal session tokens.
Evidence: No `content-security-policy` header on /* responses.
Fix: Start with: `default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline';` Then tighten per assets.
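A check along the lines of the sample finding above, as an added example that is not this service's tooling or part of the original page: it audits one response's headers for the four headers named in the checklist and flags the starter policy's `'unsafe-inline'` as the part to tighten. The function names and sample headers are constructed for illustration.

```python
# Added example (not the service's tooling): audit one response's headers
# against the header checklist and the sample report's starter CSP.
REQUIRED = ("strict-transport-security", "content-security-policy",
            "referrer-policy", "x-frame-options")

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_headers(headers):
    """Return (kind, detail) findings; kind is 'missing' or 'weak'."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    findings = []
    for name in REQUIRED:
        if name in h:
            continue
        # CSP frame-ancestors supersedes X-Frame-Options in current browsers.
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        findings.append(("missing", name))
    if "content-security-policy" in h:
        # script-src falls back to default-src when it is not set.
        scripts = csp.get("script-src", csp.get("default-src"))
        if scripts is None:
            findings.append(("weak", "no script-src or default-src: scripts unrestricted"))
        else:
            # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
            strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                         for s in scripts)
            if "'unsafe-inline'" in scripts and not strict:
                findings.append(("weak", "script-src allows 'unsafe-inline'"))
            if "*" in scripts:
                findings.append(("weak", "script-src allows any host"))
    return findings

# Constructed sample inputs: a response with no security headers, and one
# carrying the starter policy from the sample report.
BARE = {"Content-Type": "text/html"}
STARTER = {"Strict-Transport-Security": "max-age=31536000",
           "Referrer-Policy": "strict-origin-when-cross-origin",
           "X-Frame-Options": "DENY",
           "Content-Security-Policy":
               "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline';"}

if __name__ == "__main__":
    for label, hdrs in (("bare", BARE), ("starter", STARTER)):
        print(label, audit_headers(hdrs))
```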
FAQ
Is this the same as a penetration test?
No. It’s a non-intrusive security health-check for small sites. If you need a formal pentest, we can refer you.
Do you need admin access?
Usually no. For pre-launch flow reviews we may ask for a staging login.
What’s the guarantee?
Money-back if we can’t demonstrate a material security improvement in your report.
What happens after we patch?
You get a free 7-day re-check to confirm fixes.