Web Application Penetration Test
This team-leader-driven penetration test against your web application follows the OWASP testing guidelines and is conducted by CREST-registered testers. It is designed to identify potential vulnerabilities in your websites and web applications and provide recommendations for improving your security posture.
Our web application penetration testing is built upon a testing methodology that has evolved over the last 12 years. Based on the OWASP Top 10 Application Security Risks for 2017, our methodology brings over 400 different tests and checks into every web application penetration test. This approach emulates the techniques of real attackers, using the same tools as the attackers as well as a number of in-house developed tools. This enables a full assessment of the key components of the web applications and supporting infrastructure.
Once all aspects are tested within the time frames, the report is created in a format that allows you to assess the relative business risk of the findings and the cost of remediation.
Why you need to test
The security of web applications is of paramount importance to the safety and security of any business, and a breach of this security can significantly impact the continuity and integrity of the business as well as its brand and reputation. While traditional security defenses such as firewalls and other security controls are important, they can’t defend against or alert you to many of the attack vectors specific to web applications.
Benefits of Penetration Testing
Our web application penetration tests will help you to:
Gain real-world insight into your vulnerabilities;
Keep untrusted data separate from commands and queries;
Develop strong authentication and session management controls;
Improve access control;
Discover the most vulnerable route through which an attack can be made;
Find any loopholes which could lead to the theft of sensitive data.
How it works
Our web application penetration testing process is as follows:
Once you have placed an order, a review meeting is held by the assigned penetration tester and our CEO to ensure we are going to test to a sufficient level.
We will schedule and hold a scoping call with you to establish the exact extent of the testing exercise. This is where we will also discuss the extent of authenticated testing.
A set of manual spiders will be run by your tester to map out the application as they learn how your application works.
A set of automated spiders will be run to identify hidden and forgotten content.
A series of automated vulnerability scans will be run against your application.
A range of manual tests will be run by your tester. These are closely aligned with the OWASP methodology.
Immediate notification of any critical vulnerabilities to help you take action quickly.
A detailed report that identifies and explains the vulnerabilities found and their impact on your organisation.
A list of recommended countermeasures to address any identified vulnerabilities.
An executive summary that explains what the risks mean in business terms.
The price is per single web application and database with up to x number of static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
Testing will be conducted as an unauthenticated user and then with a single level of authentication.
This test is available as either an internal or an external test.
Expenses related to travelling, etc. are not included in the price.
On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).
Require a more in-depth penetration test?
We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting advanced exploitation of the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.
Why choose us?
Penetration tests should only be carried out by experienced testers with the necessary technical skill set and qualifications. Our penetration testers have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
Our penetration testers are OSCP (Offensive Security Certified Professional), OSWE (Offensive Security Web Expert) and CREST (Certified Register of Ethical Security Testers) certified. Our penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your web application has been reviewed by experienced testers in line with your business requirements.