Cybersecurity audit of websites under the “.UZ” domain

Main Objective of the Service

The main objective of the service is to identify software and technical vulnerabilities in web resources, assess the risks that may arise from their exploitation, and develop practical recommendations for eliminating the identified deficiencies.

During the assessment, the website’s software, server configurations, content management system, installed plugins and modules, authentication mechanisms, data processing procedures, and resilience against external attacks are analysed.

Assessment Areas

  • Presence of malicious software code on the website
  • Unauthorised modification of website files
  • Presence of web shells, backdoors, and hidden scripts
  • Outdated or vulnerable CMS platforms, plugins, and modules
  • SQL Injection vulnerabilities
  • Cross-Site Scripting — XSS vulnerabilities
  • Cross-Site Request Forgery — CSRF vulnerabilities
  • Local File Inclusion and Remote File Inclusion vulnerabilities
  • Vulnerabilities that may allow remote code execution
  • Security weaknesses in file upload functionality
  • Vulnerabilities in authentication and authorisation mechanisms
  • Weaknesses in user session management
  • Disclosure of confidential information
  • Incorrect server and web application configurations
  • Problems with SSL/TLS certificates and HTTPS configurations
  • Missing or incorrectly configured HTTP security headers

Assessment Process

Automated Scanning

The software and technical condition of the web resource is comprehensively scanned using modern cybersecurity assessment tools.

Expert Analysis

The identified results are manually analysed by specialists to verify whether the vulnerabilities actually exist and whether they can be exploited.

Risk Assessment

The potential impact of the vulnerabilities on the organisation’s operations is assessed, and practical recommendations for their remediation are developed.

Manual Assessment of Critical Functions

In addition to automated scanning, the website’s critical functions are also assessed manually. This includes examining the security of user registration, login, password recovery, file upload, search functions, data entry forms, the administrator panel, and other interactive sections.

Assessment Results

Upon completion of the assessment, an expert report is provided containing the identified vulnerabilities, their severity levels, possible consequences, and practical recommendations for eliminating the identified deficiencies.