Rack911 is widely known to be the leader of Proactive Server Management for Linux servers, but did you know we are also a leader in Web Hosting Security and Software Auditing?

This year alone we have found over 200 new security vulnerabilities in every control panel and almost every popular hosting application. In a few cases we even came up with new exploit techniques previously unheard of! Here is a short list of some of the largest software vendors that we have found multiple security vulnerabilities in:

- cPanel
- Parallels Plesk
- Parallels H-Sphere
- DirectAdmin
- InterWorx
- CloudLinux
- RVSkin
- RVSiteBuilder
- Softaculous
- Installatron
- Idera (R1Soft)
- Cloudflare (Plugin)
- LiteSpeed Web Server

Don't be fooled by the dozens of server management companies who claim to know security. Ask yourself, where are their published security advisories? To this date we have published around 100 security advisories on our Blog and Twitter feed with many more pending release in the weeks ahead.

We are now offering our software auditing expertize to the public with low introductory rates to accommodate every one from large vendors to small plugin developers. Our goal has always been to help make the hosting community safer and we want to work with you to accomplish that.

The rates listed below are the starting prices and go up depending on the complexity of the software being audited. Please contact us for a free quote to get an exact estimate. (We also offer affordable revision auditing packages for those who have purchased an initial audit.)

Web Application: $299+
Control Panel: $2,499+
Control Panel Plugin: $299+

Some of the security vulnerabilities that we look for include:

- Privilege Escalation
- Race Conditions
- Hardlink / Symlink Attacks
- Input Validation Failures
- SQL Injection
- File Inclusions (Local / Remote)
- Insecure Permissions
- ACL Failures
- Cookie Mishandling
- Denial of Service

In order for us to perform a thorough audit, access to the source code is highly recommended but not necessary for us to find most security vulnerabilities. When we do have full access to the source code, the probability of a security vulnerability being overlooked is greatly diminished, especially when it comes to certain vulnerabilities such as SQL injections and file inclusions.

Everything we do is confidential and will never be shared with anyone else; NDA's can be signed upon request if you have one. Public disclosure of any security vulnerabilities found is strictly up to you and credit to RACK911 is not necessary.

You can see some of our work at the following links:


Interested? Please send an email to [email protected] for more information.