Website auditing is a systematic and independent examination of a website, its data, or its operations and performance (financial, security or other) for a stated purpose. Usually, website auditing is done to evaluate various facets of a website, such as:
- Security – Checking for vulnerabilities in the website.
- Functionality – Reviewing the main functional aspects of the website to ensure that they work correctly.
- Browser Compatibility – Checking the website in the major web browsers, including IE7, IE8, IE9, Firefox and Google Chrome.
- Mobile Compatibility – Checking the website on the main mobile devices, including iPhone, iPad and Android.
- Usability – Focusing on elements of the website that are confusing for a typical user or where the user experience could be improved.
- Accessibility – Reviewing the main accessibility aspects and checking that the website complies with accessibility best practice guidelines.
- SEO – Uncovering issues affecting the full user experience.
Website Security Auditing
It involves testing for DOM, XSS (cross-site scripting), AJAX, SQL injection, SSL, brute-force password and buffer overflow issues, along with penetration testing to check the website's authorization and authentication mechanisms. Wapiti, Websecurify, Netsparker Community Edition and WebScarab are examples of open source web application security testing tools; commercial tools include IBM Rational AppScan, WebInspect v220.127.116.11 and Acunetix WVS.