Security
Whether you have a small website or enterprise software, if you don't invest in security you will likely be vulnerable. As a developer, I've specialised in login systems and security for most of my career. I now offer a full security service including Auditing, Remediation, Maintenance and Monitoring.
My work is affordable, actionable and thorough, and I provide ongoing support and remediation.
Security Auditing
The first step is to understand where you currently are: the state of your system, the threats you face, and where your product or website falls short of best practices. There may be gaping security holes that haven't yet been exploited, or your system may already be compromised without you being aware of it.
I offer a very affordable but surprisingly thorough auditing service. I specialise in WordPress auditing but can handle any kind of software product or system. These are the services I would offer in a typical security audit:
1. Threat Modelling
Understand and prioritize the attackers who are actual threats to your system.
3. Access management
Many breaches happen due to compromised admin accounts. Let's find and close any back doors to the system.
2. Best practice review
In my experience, most organisations have some glaringly obvious issues which could be identified and fixed within a few days: unpatched vulnerabilities, default admin passwords, system backups being published on the web. Let me get in and find these things which shouldn't be happening.
4. Infrastructure review
It doesn't matter how secure your source code is if the server it runs on gets compromised.
3. Source code review
Using both automated tools and my own experience to find signs of vulnerabilities.
5. Recommendations
Review the whole system (access management, patching, networking etc.) and prioritise recommendations.
Remediation
After assessing your current system security, I can work quickly to remediate issues and get you back into a safe position. Many issues are almost trivial to remediate, but others require process changes or custom development. I will work with you to remediate the highest impact issues first based on your priorities and budget.
1. Critical issues
Let's put out any fires and close any obvious vulnerabilities.
2. Processes
Processes are usually simple and often automated, such as configuring a firewall and regular malware scans, setting password policies, regular backups, regular patches etc.
3. Secure development
If code needs to be patched and rewritten to close security holes, I can do that or highlight issues to your team.
Ongoing support
Security doesn't end with an audit. It is an ongoing battle between your system's security and the attackers who would exploit it. I can provide ongoing support: keeping your system up to date and monitored, and responding to any incidents that do come up.
1. Updates
The boring part of security: ensuring that your system remains patched and up to date.
2. Monitoring
Configure and monitor alerts so that you can be confident that your system hasn't been breached.
3. Incident response
In the unlikely event that a security breach does occur, I can be on call to remediate the attack, analyse its source, and ensure it doesn't happen again.
Testimonials
Eru has provided an extremely thorough security assessment of our WordPress site, with valuable recommendations for improvement. We subsequently engaged Eru to attend to all of the recommended action points to ensure our site is secure for our users. In the course of this work, Eru has also identified significant attacks on our system and worked tirelessly to rectify these with the platform hosts. We have found Eru's work to be of extremely high quality, reliable, and well-executed. I would highly recommend Eru's services with WordPress development and security management.
Angela Bush
Founder ECE Learning Unlimited
https://www.ecelearningunlimited.com/