Security

Do you know if your website is really secure?

A professional security audit uncovers vulnerabilities before hackers find them. Prevention is cheaper than damage control.

  • 43% of all cyber attacks target SMEs
  • CHF 50k+ average damage per hack
  • 60% of SMEs close after an attack
The Risks

What happens when you get hacked?

Data Loss

Customer data, orders, years of work – all gone or encrypted.

Reputation Damage

Customers lose trust. Google warns about your site. Press reports.

Financial Damage

Lost revenue, recovery, legal costs, possibly GDPR fines.

Weeks of Downtime

Your website is offline. Customers cannot order. Competitors benefit.

The good news: 95% of all attacks exploit known vulnerabilities. An audit finds them before hackers do.
The Audit Scope

What I check

Systematic analysis according to proven security standards

Vincent Kilchherr - Website Security Expert

Your contact for website security

I am Vincent Kilchherr, independent web developer with over 16 years of experience – many of them in website security.

I have been conducting security audits for years. I know the typical vulnerabilities and understand where hackers start. My audits are thorough, clearly documented and practice-oriented.

  • Hundreds of websites checked
  • Direct contact – no ticket system
  • Understandable reports instead of jargon
OWASP Top 10

Vulnerability Scan

I check your website for the most common and dangerous security vulnerabilities – the same ones that hackers look for.

  • SQL Injection – Can attackers manipulate your database?
  • XSS (Cross-Site Scripting) – Can malicious code be injected?
  • Broken Authentication – Are login and sessions secure?
  • Security Misconfiguration – Are server and CMS properly configured?
Dependencies

Software & Plugins

Outdated software is the number 1 attack vector. I check all components for known security vulnerabilities.

  • CMS Version – WordPress, TYPO3, Joomla up to date?
  • Plugin Check – Outdated or insecure extensions?
  • PHP Version – Still running an EOL version?
  • Libraries – JavaScript, Frameworks with CVEs?
Configuration

Server & Infrastructure

The most secure application is useless if the server is misconfigured.

  • SSL/TLS – Is the encryption correct?
  • HTTP Headers – CSP, HSTS, X-Frame-Options?
  • Directory Protection – Are sensitive files protected?
  • Backup Check – Do backups exist and are they usable?
Access Control

Access & Permissions

Who has access to what? Often there are too many users with too many rights.

  • Admin Accounts – Are there abandoned or test users?
  • Password Policies – Are the passwords secure?
  • 2FA – Is two-factor authentication active?
  • FTP/SSH – Who has server access?
The Result

What you get

Detailed Report

All findings documented with risk assessment (critical, high, medium, low) and explanations.

Action Plan

Concrete recommendations, prioritized by urgency. You know exactly what to do.

Discussion

Personal meeting (on-site or video) to clarify all questions and plan next steps.

The Process

How an audit works

1. Pre-meeting

We clarify scope, access and timeline. You receive a quote.

2. Analysis

Automated scans + manual review. Takes 2-5 days depending on scope.

3. Report

You receive the report with all findings and recommendations.

4. Discussion

Joint review. If needed, implementation of the measures.

"Vincent conducted a security audit for us and found vulnerabilities that our existing IT had missed. Particularly valuable was the prioritized action plan – we immediately knew what to tackle first. Had we done this earlier, we would have saved ourselves some sleepless nights."
Stefan K.
IT Manager, Service Company Zurich
FAQ

Questions about the Security Audit

The costs depend on the scope of your website – number of pages, complexity, integrations. After a brief preliminary discussion you receive a binding fixed-price quote without hidden costs.

Depending on scope 2-5 working days. You typically receive the report within a week. Express audits for urgent needs are possible.

Yes, on request. A pentest goes beyond the standard audit and simulates real attacks. This is useful for companies with increased protection needs or compliance requirements.

For critical findings I inform you immediately – not just in the final report. So you can react quickly. On request I fix the vulnerabilities directly.

Yes, normal operation is not disrupted. The tests are designed not to cause outages. Aggressive tests are only conducted by agreement.

Yes, I recommend an annual audit or after major changes to the website. For maintenance clients I offer quarterly security checks as part of the service.

Security starts with knowledge.

Let us find out where your website stands. Non-binding consultation.