Javascript is required

Audit modelWebsite security audit

Evaluation of the level of cybersecurity of a website (source :

1. First Section

1.1. Is access to the website filtered by a firewall?

A firewall is a device that limits access to only authorized services and machines

1.2. Is the website protected against denial of service attacks?

The operator and/or the host can implement solutions to absorb the traffic overload of this type of cyber attack

1.3. Is the website protected by an antivirus?

Antivirus software can detect and block malicious programs that may be deposited or stored on the site

1.4. Is the website regularly updated with all hardware and software security patches?

Applying security updates to all components of your site will remove known security vulnerabilities

1.5. Is the website regularly backed up and its backups tested?

An operational backup is essential to be able to restore the website to the state before an incident.

1.6. Are the services available on the website limited to what is strictly necessary?

Each service opened on the website is a possible entry point for a cybercriminal. It is therefore important to limit them to the essentials.

1.7. Is access in administration or publication on the website limited to authorized persons and machines?

The accesses allowing to manage the website or to modify it must be differentiated and be subject to a reinforced control

1.8. Are the website access passwords "strong" and "unique" for each authorized person?

Poor password management is one of the primary causes of cyberattacks

1.9. Is the access in administration or publication on the website protected by a double authentication?

Two-step authentication strengthens password security by requiring a confirmation code at each new login.

1.10. Are the communications with the website secured in HTTPS?

The HTTPS protocol makes it possible to protect the information exchanged between the user stations and the Internet site from interception.

1.11. Is the domain name of the website protected (INPI deposit, use of a registry lock...)?

It is important to use the available solutions to avoid theft or misappropriation of the website name

1.12. Are the software extensions used on the website essential and deemed safe?

These extensions can improve the functionality of the site, but are also possible entry points for cybercriminals.

1.13. Are all website accesses recorded or logged?

Access logging makes it possible to identify illegitimate access and to trace the chronology of an attack.

1.14. Is the website activity regularly monitored for hacking?

Monitoring of connections and changes to the site allows for early detection and response to cyberattack attempts

1.15. Is the security of the website regularly checked?

A website is constantly evolving. The maintenance of its security level must therefore be regularly controlled (audit) by specialists.

Created at:2023-02-01T21:23:49.8563954

Updated on :2023-10-16T09:06:26.0547814

License : © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale

author :
Dastro Naute
Dastro Naute

Access all our audit templates

Try Dastra now to access all of our audit templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Build my audit
Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution

* You will always be able to unsubscribe on each newsletter. Learn more.