I am building a website for a client. He's asking me to do a security audit of the website. I don't have expertise in security audits and the budget is low. However, I am trying to give the best value to my client. Is there any tool with which I can perform a security audit of the website at a low cost?
- With a low budget and lack of an expert, I would pick [one of those free/open source static analysis tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) with a good rating and nice success stories, run it on my code, and provide the customer with the report generated by such a tool. – Maxim Sagaydachny May 03 '21 at 15:34
- Thank you. I had a look, there are a lot of names there. Which one do you use? – Apeol Dan Arvic May 04 '21 at 06:04
- 1) Some of those tools can test a single language/technology only. You did not mention the language and framework which you used to build the app, so I can't help you with narrowing that list down. I suggest you add extra information to your original question and tags (do not use comments for this purpose). Usage of proper tags helps experts to find your question. 2) I do not use these tools for several reasons, so I'm not a good adviser about picking some specific tool. – Maxim Sagaydachny May 04 '21 at 06:46
- The language is PHP. It's a WordPress website. – Apeol Dan Arvic May 04 '21 at 11:36
3 Answers
There are also a few SaaS vulnerability scanning tools that I personally use for my website. Some are free or have subscription-based plans according to users' budgets, providing you with a detailed report along with consultation from a security expert if required.

I have faced similar issues in the past. It's difficult to find an all-in-one solution as it is, and usually the clients don't even know what they want. Also, they don't realize that getting security audits done will subsequently increase the cost from the original budget by a huge margin.
I did, however, go through the comments and found https://reconwithme.com mentioned; I will have a look and provide feedback after using it. I have tried Acunetix and they're good but extremely expensive for startups who are just entering the game.

Forgot to mention the tool I use, it's called ReconwithMe.

- Please edit your previous post instead of making a new one, and delete this one when you add extra details to your first post. – Maxim Sagaydachny May 04 '21 at 11:56