• Home
  • Offers and packages
  • Website

Offers and website audit

A web security audit identifies vulnerabilities in your website before they are exploited. Bexxo offers 3 packages (Essentiel, Avancé, Premium) compliant with ISO 27002 and NIST CSF, with a detailed report and prioritised action plan.

Classic Website Audit

At bexxo, we offer three audit options to precisely meet your company's needs. Choose the package that best suits your web security requirements, and we will be happy to customize it according to your wishes.

All our packages include post-audit follow-up and assistance in implementing the main recommendations.

ESSENTIEL

Ideal for small websites or businesses starting their security journey.

Je suis Intéressé(e)
  • 10-point analysis according to ISO 27002 or NIST CSF
  • Automated scan for common vulnerabilities
  • Basic SSL/TLS configuration check
  • Analysis of HTTP security headers
  • Simplified report with main recommendations

STANDARD

Recommended for medium-sized websites or businesses wanting a more in-depth analysis.

Je suis Intéressé(e)
  • 15-point analysis according to ISO 27002 or NIST CSF
  • All elements of the Essential package
  • Manual testing for common security flaws
  • In-depth analysis of web server configuration
  • Verification of secure coding best practices
  • Review of authentication and session management processes
  • Detailed report with prioritized action plan

PREMIUM

The complete solution for critical websites or businesses requiring a high level of security.

Je suis Intéressé(e)
  • 20-point analysis according to ISO 27002 or NIST CSF
  • All elements of the Advanced package
  • In-depth penetration testing
  • Database security analysis
  • API security assessment
  • Verification of compliance with security standards (OWASP Top 10, etc.)
  • Analysis of backup and restoration processes
  • Exhaustive report with detailed recommendations
  • Results presentation meeting

Why conduct a security audit for your site?

A website is often a company's first gateway into the digital world. Without adequate protection, it becomes a prime target for cyberattacks. A cybersecurity audit helps identify vulnerabilities before they are exploited.

  1. Identify vulnerabilities before attackers do — 73% of websites have at least one critical vulnerability.
  2. Comply with nLPD — fines of up to CHF 250,000 in the event of a personal data breach.
  3. Protect customer data — average cost of a breach: USD 4.88M (IBM Cost of a Data Breach 2024).
  4. Safeguard your reputation — 87% of customers refuse to do business with a compromised company (McKinsey).
  5. Obtain a prioritised action plan — know exactly what to fix first, by criticality.
  6. Demonstrate your due diligence — the audit report serves as evidence in the event of a FDPIC inspection.

Anticipate risks with Bexxo: our audits follow ISO 27001 and NIST CSF standards for complete, documented protection of your online presence.

Tailor-made solutions

Tailor-made network solutions for complex projects

Contact us to discuss your specific needs and get a personalized quote.

Our team of experts will be happy to guide you towards the solution best suited to your company.

Contact Me

We will process your personal information in accordance with our privacy policy.

Thank you, your message has been sent successfully.
Error! The message could not be sent.

Frequently asked questions about the web audit

What is a website security audit?

A website security audit is a methodical examination of a website's vulnerabilities: application flaws (OWASP Top 10), SSL/TLS configuration, HTTP security headers, access management and compliance with ISO 27002 and NIST CSF standards. It produces a report with a list of flaws classified by criticality and a prioritised action plan. At Bexxo, our audits cover 10 to 20 control points depending on the chosen package.

What is the difference between the Essentiel, Avancé and Premium packages?

The three packages differ in their depth of analysis:

  • Essentiel: 10 control points, automated scan, simplified report — for small sites or first audits.
  • Avancé: 15 control points, manual testing of common vulnerabilities, authentication analysis, detailed report with prioritised action plan.
  • Premium: 20 control points, in-depth penetration tests, API and database audit, full OWASP Top 10 verification, presentation session included.

All packages include post-audit follow-up and implementation assistance.

Does my website need a security audit?

Yes, if your website collects personal data, processes payments or is accessible from the internet. 73% of websites have at least one critical vulnerability (source: Bexxo, internal data). The nFADP (Swiss Data Protection Act) requires companies to document their security measures — an audit provides this proof. In the event of a data breach, the absence of diligence can result in fines of up to CHF 250,000.

How long does a website security audit take?

The duration varies depending on the package and the complexity of the site:

  • Essentiel: 1 to 2 working days.
  • Avancé: 3 to 5 working days.
  • Premium: 1 to 2 weeks depending on the size of the site and scope (APIs, database, third-party applications).

The report is delivered within this timeframe, followed by a presentation session (Premium package) or an email exchange.

Does the audit include fixing the identified vulnerabilities?

No — the audit covers identification, classification and the action plan. Fixing the vulnerabilities is a separate service, which can be carried out by your internal teams based on the report, or by Bexxo on a quoted basis. This separation guarantees the objectivity of the audit: the auditor cannot have an interest in finding more vulnerabilities than actually exist. All our packages include assistance in understanding the report and taking the first corrective measures.

A website security audit is a methodical examination of a website's vulnerabilities: application flaws (OWASP Top 10), SSL/TLS configuration, HTTP security headers, access management and compliance with ISO 27002 and NIST CSF standards. It produces a report with a list of flaws classified by criticality and a prioritised action plan. At Bexxo, our audits cover 10 to 20 control points depending on the chosen package.

The three packages differ in their depth of analysis:

  • Essentiel: 10 control points, automated scan, simplified report — for small sites or first audits.
  • Avancé: 15 control points, manual testing of common vulnerabilities, authentication analysis, detailed report with prioritised action plan.
  • Premium: 20 control points, in-depth penetration tests, API and database audit, full OWASP Top 10 verification, presentation session included.

All packages include post-audit follow-up and implementation assistance.

Yes, if your website collects personal data, processes payments or is accessible from the internet. 73% of websites have at least one critical vulnerability (source: Bexxo, internal data). The nFADP (Swiss Data Protection Act) requires companies to document their security measures — an audit provides this proof. In the event of a data breach, the absence of diligence can result in fines of up to CHF 250,000.

The duration varies depending on the package and the complexity of the site:

  • Essentiel: 1 to 2 working days.
  • Avancé: 3 to 5 working days.
  • Premium: 1 to 2 weeks depending on the size of the site and scope (APIs, database, third-party applications).

The report is delivered within this timeframe, followed by a presentation session (Premium package) or an email exchange.

No — the audit covers identification, classification and the action plan. Fixing the vulnerabilities is a separate service, which can be carried out by your internal teams based on the report, or by Bexxo on a quoted basis. This separation guarantees the objectivity of the audit: the auditor cannot have an interest in finding more vulnerabilities than actually exist. All our packages include assistance in understanding the report and taking the first corrective measures.