Cybersecurity: Website Security Audit & Hardening Recommendations

Closed
Main contact
InnC LLC
West Windsor Township, New Jersey, United States
Priyanka Khati
Founder and CEO
Portals
  • AscentUP
    San Diego, California, United States
Project
150 hours per learner
Learner
Anywhere
Intermediate level

Project scope

Categories
Information technology, Security (cybersecurity and IT security)
Skills
cyber security management, cyber security strategy, website management, web development tools, critical thinking, complex problem solving
Details

Project Overview

This project focuses on assessing and improving the security of our website. The team will conduct a basic security audit, identify vulnerabilities, and propose or implement security improvements. The project is structured for a team of five learners, each dedicating 30 hours over six weeks (totalling 150 hours).


Project Scope & Expectations:

Learners will engage in:

  • Conducting a security audit of the existing WordPress website.
  • Identifying vulnerabilities, including outdated plugins, weak passwords, and missing HTTPS.
  • Reviewing user permissions and access controls to ensure security best practices.
  • Recommending or implementing basic security hardening measures.
  • Developing a basic incident response guide for handling security breaches.


Deliverables

Project Timeline and Deliverables:

Week 1: Project Kickoff & Security Audit Planning (~2 hours per learner)

  • Meet with stakeholders.
  • Ensure understanding of project goals, scope, and success metrics.
  • Identify the website’s technology stack and existing security setup. 

Week 2: Website Security Scan & Initial Findings (~4 hours per learner)

  • Conduct a basic vulnerability scan using free tools (e.g., Mozilla Observatory, Sucuri, OpenVAS).
  • Identify common security issues such as outdated plugins, weak authentication, and unencrypted data.
  • Suggestion: Learners work independently to conduct their testing and submit findings via a shared internal document. They compile those findings and present them to the employer stakeholders via the deliverable – eliminating duplication.
  • Deliverable: Website Security Findings Report (Checklist + Screenshots).

Week 3: Permissions & Access Control Review (~6 hours per learner)

  • Audit user roles and access permissions to identify security gaps.
  • Check for unused accounts, weak passwords, and lack of multi-factor authentication (MFA).
  • Suggestion: Learners work independently to conduct their testing and submit findings via a shared internal document. They compile those findings and present them to the employer stakeholders via the deliverable – eliminating duplication.
  • Deliverable: Access Control Report with Recommendations.

Week 4: Security Hardening Implementation (~6 hours per learner)

  • Create a checklist of priority fixes based on audit findings.
  • If permitted, implement basic security measures such as:
      • Enabling HTTPS encryption if not already in place.
      • Removing or updating outdated plugins.
      • Restricting admin access through IP whitelisting or role-based permissions.
      • Setting up a basic logging system to monitor unauthorized access.
  • Deliverable: Security Hardening Checklist with Before/After Notes.

Week 5: Incident Response Plan (~6 hours per learner)

Develop a one-page incident response guide outlining:

  • Steps to take in case of a security breach.
  • Who to contact and what actions to document.
  • Basic recovery strategies.
  • Deliverable: Incident Response Plan (PDF or Slide Deck).

Week 6: Final Report & Presentation (~6 hours per learner)

  • Compile all findings, actions taken, and future recommendations.
  • Present the before-and-after security comparison to stakeholders.
  • Deliverable: Final Security Audit Report & Presentation.


Final Deliverables:

  • Website Security Audit Report – Summary of security issues identified.
  • Access Control Report – Review of user permissions and security risks.
  • Security Hardening Checklist – List of improvements made.
  • Incident Response Plan – Basic guide for handling security incidents.
  • Final Report & Presentation – Summary of project work and outcomes.


Working Expectations:

Learners are expected to receive practical, real-world job experience in exchange for completing the tangible deliverables of the project. Employers are expected to provide mentorship, guidance, and clear expectations to students, and to communicate regularly with the AscentUP team.



Mentorship
Domain expertise and knowledge

Providing specialized knowledge in the project subject area, with industry context.

Skills, knowledge and expertise

Sharing knowledge in specific technical skills, techniques, methodologies required for the project.

Tools and/or resources

Providing access to necessary tools, software, and resources required for project completion.

Regular meetings

Scheduled check-ins to discuss progress, address challenges, and provide feedback.

About the company

Company
West Windsor Township, New Jersey, United States
2 - 10 employees
Technology, Arts
Representation
Community-Focused, Immigrant-Owned, Minority-Owned, Women-Owned

InnC stands for Innovation Connect. InnC offers Technology-based platforms as Services that aim to connect producers and providers with consumers.