Cybersecurity audit of websites under the “.UZ” domain
Main Objective of the Service
The main objective of the service is to identify software and technical vulnerabilities in web resources, assess the risks that may arise from their exploitation, and develop practical recommendations for eliminating the identified deficiencies.
During the assessment, the website’s software, server configurations, content management system, installed plugins and modules, authentication mechanisms, data processing procedures, and resilience against external attacks are analysed.
Assessment Areas
- Presence of malicious software code on the website
- Unauthorised modification of website files
- Presence of web shells, backdoors, and hidden scripts
- Outdated or vulnerable CMS platforms, plugins, and modules
- SQL Injection vulnerabilities
- Cross-Site Scripting — XSS vulnerabilities
- Cross-Site Request Forgery — CSRF vulnerabilities
- Local File Inclusion and Remote File Inclusion vulnerabilities
- Vulnerabilities that may allow remote code execution
- Security weaknesses in file upload functionality
- Vulnerabilities in authentication and authorisation mechanisms
- Weaknesses in user session management
- Disclosure of confidential information
- Incorrect server and web application configurations
- Problems with SSL/TLS certificates and HTTPS configurations
- Missing or incorrectly configured HTTP security headers
Assessment Process
Automated Scanning
The software and technical condition of the web resource is comprehensively scanned using modern cybersecurity assessment tools.
Expert Analysis
The identified results are manually analysed by specialists to verify whether the vulnerabilities actually exist and whether they can be exploited.
Risk Assessment
The potential impact of the vulnerabilities on the organisation’s operations is assessed, and practical recommendations for their remediation are developed.
Manual Assessment of Critical Functions
In addition to automated scanning, the website’s critical functions are also assessed manually. This includes examining the security of user registration, login, password recovery, file upload, search functions, data entry forms, the administrator panel, and other interactive sections.
Assessment Results
Upon completion of the assessment, an expert report is provided containing the identified vulnerabilities, their severity levels, possible consequences, and practical recommendations for eliminating the identified deficiencies.
+99871 203 00 23
Report cyber incident:
incident[at]uzcert.uz
Tashkent city, Mirabad district,
Taras Shevchenko street 20
