Services
Cyber security for Prague websites
A clear-eyed look at where your website and data are exposed, then the fixes that close the gaps: audits, penetration testing, secure code review and WAF hardening. From CZK 25,000, scoped per audit.
Fast and safe are not a trade-off
Most Prague web shops sell you speed or they sell you security, rarely both. The usual pattern: a site is built quickly on a stack of plugins, and “security” becomes an annual scramble to patch the ones with a freshly published hole. We build the other way. Our sites ship as hand-coded static code with almost nothing to attack: no database to inject, no admin login to brute-force, no plugin marketplace quietly shipping you someone else’s vulnerability. The promise is simple: we build it fast, and we build it safe, in the same project.
But a small attack surface is not the same as no attack surface. Forms still take input, APIs still answer, servers still need correct headers and current TLS. Cyber security is where we go looking for the gaps on purpose, before someone with worse intentions does.
What we actually check
- Security audit. A structured review of your site, server, DNS, TLS, headers and third-party scripts, delivered as a written report that ranks each finding by real-world risk, not a generic checklist you cannot act on.
- Penetration testing. With your written permission and an agreed scope, we attack your own site the way a real attacker would: injection, authentication, session handling, form and API abuse, file uploads. You get proof of what is exploitable, not a theoretical list.
- Secure code review. For custom code, we read the source for the mistakes scanners miss: broken access control, unsafe queries, secrets committed to the repository, and dependencies with known CVEs.
- WAF and hardening. We put a web application firewall in front of the site, tighten the server configuration, add the security headers browsers expect, and lock down everything that does not need to be public.
Built secure from the first commit
The cheapest security work is the kind you never have to retrofit. When we build your website, hardening is part of the build, not an upsell afterwards: input is validated, output is escaped, secrets stay out of the code, dependencies are kept current, and the server goes live with sane defaults. That is why a Prahapp site starts from a much better place than a template assembled from a dozen plugins of unknown origin.
If you already have a site built by someone else, we audit it as it is and tell you honestly whether it needs hardening, a rebuild, or nothing at all.
GDPR is a security problem, not just a policy
Under the GDPR and Czech data-protection law, a leak of customer data is not only embarrassing, it is reportable, and it can be fined. Most breaches we see are not sophisticated: an exposed backup, a form that emails data in plain text, an analytics script quietly sending personal data to a third country. Our audit covers the technical side of EU data protection: where personal data lives, how it travels, who can reach it, and what a reasonable “appropriate technical measure” looks like for a business your size. We are not lawyers and we will say so, but we close the technical gaps that turn a policy on paper into a real risk.
What it costs
A focused security audit with a written report starts at CZK 25,000, scoped to the size of your site. Penetration testing, secure code review and WAF setup are quoted per engagement once we know the scope, because a five-page brochure site and a booking platform with logins are not the same job. Every quote is fixed and written before we start. See the pricing page for how we structure it, or tell us what you run and we will reply within 24 hours with a concrete scope and price.
Who this is for
Any Prague business that handles customer data or cannot afford downtime: e-shops taking card details, clinics with patient records, booking platforms, anyone who has just failed a client’s security questionnaire or is about to sign one. If you are still deciding whether you need this, an audit is the honest first step: it costs little, it is scoped up front, and it tells you exactly where you stand before you spend anything on fixes.
Frequently asked questions
What is the difference between a security audit and a penetration test?
An audit is a structured review: we inspect your site, server, TLS, headers, DNS and third-party scripts, then hand you a written report that ranks each finding by real risk. A penetration test goes further and actively tries to exploit those findings, with your written permission and an agreed scope, so you see what an attacker could really do, not just what looks weak on paper. Most businesses start with the audit and add a pen test where the stakes justify it.
Will the testing take my website offline?
No. We test against a staging copy or in a low-traffic window, agree the scope with you in writing beforehand, and stop the moment anything looks risky. The goal is to find the weaknesses safely, on our terms, before someone finds them on theirs. You will know exactly what we are doing and when.
Do you fix what you find, or just report it?
Both, and you choose. Every engagement ends with a written report you can act on with any developer. If you would like us to close the gaps, we quote the fixes as a fixed price, apply them, and then retest to confirm each issue is genuinely resolved rather than just marked done.
Is my small business really a target?
Almost every attack we see is automated, not personal. Bots scan the whole internet for known weaknesses and do not care how big you are; a small e-shop with an outdated plugin is an easier target than a bank. Under the GDPR, a leak of your customers’ data is also reportable and can be fined, so the size of the business is not the size of the risk.
How does a security review help with GDPR?
The GDPR requires appropriate technical measures to protect personal data, and most breaches are technical failures rather than policy ones: an exposed backup, a form sending data in clear text, a script leaking data to a third country. Our audit maps where personal data lives, how it moves and who can reach it, then closes the technical gaps. We are not lawyers and will tell you when a question is legal rather than technical.
Not sure which service you need?
Describe your situation and we will point you to the right option, even if that means telling you not to buy from us yet.