When a new project is being initiated, a secure folder will be made on my own development server.
Once progress is being made, the client will receive a link to a live version.
For existing projects it is also possible to port it over to my own development server, although it is preferred to continue a project on the client's server.
If the client has been informed that the project has been finished, the client will have to check the live version of the project on my development server and give me approval.
Once approval has been given, the (installation) files and documentation will be prepared. During the preparation the client will receive a link to the invoice with the ability to pay for it.
All of my website projects will come with 31 days of free support to patch bugs and other problems.
In order to clean up a hacked website or server, I will require at least access to (S)FTP. It's preferred to give me SSH access which will speed up the process by a lot.
In case malicious files are found on the server, a note will be made of the file its location. After that, the file will either be deleted or patched if the backdoor has been injected into a legitimate file.
Once the whole server has been scanned and cleaned, the client will be informed with the list of malicious files and, if necessary, recommendations of changes that can be made to the server in order to improve security.
1 - Code Analyze
The process of code analyze is fairly simple, I either get access to the server which contains the source code of the project or I will receive a download link of the source code.
I will then start my code analyze and, on top of that, go over a special compiled check list to ensure the source code is safe. The client will receive a report with in-depth information about the results of my investigation. Note that only PHP code will be analyzed.
2 - Pentesting
I can pentest a website or the whole server. The difference between this is that for a website I will only pentest the website (HTTP or HTTPS) and see if there are ways to abuse mistakes in the code of the website.
A server pentest means I will pentest the website and all other running services on the server.