WEB APPLICATION PENETRATION TESTING
More than 70% of all technical attacks are aimed at the web application layer. Symantec reported in 2019 that 70% of all websites can be hacked.
This service examines your web applications for coding and implementation flaws, and also looks at issues like SQL injection, local and remote file inclusion, and cross-site scripting (XSS). It involves attempts to actively exploit vulnerabilities in order to gain access to the web application, the underlying database services and the hosting server system itself. We follow Pentest Standard dot org, SANS Top 25 and OWASP testing methodologies.
In a Web Application Vulnerability Assessment, which is a cost-effective alternative to a Web Application Penetration Test, we only report on the flaws without actively exploiting them.
Web App Penetration Tests performed against
Flaws we often find in a Web Application Penetration Test
Cross Site Scripting (XSS)
Authentication Bypass / Session Hijacking
Local and Remote File Inclusion (LFI / RFI)
Full report (executive summary and in-depth technical report)
Testing only at agreed testing times (e.g. at night, at weekends, etc.)
Mitigation advice on encountered vulnerabilities
Never running malicious exploits or DDoS tests unless agreed by client
Instant notification of critical vulnerabilities found during testing phase
Secure report delivery by encrypted email
We are experts in Penetration Testing / Ethical Hacking, Cyber Security and Infrastructure Design
We are an independent third party concerned with finding & fixing flaws and improving infrastructure design
No conflict of interest. We will never work on both your offensive security testing and defensive IT infrastructure management simultaneously
Consultants holding the highest industry and government certifications
Experience across all sectors and business sizes
Dedicated Red Team approach with specialists in all technologies
Using international testing frameworks such as OWASP, NIST and SANS, as well as standards including ISO 27001, PCI DSS, Cyber Essentials and GDPR
Your security is our priority!
References and Certifications
If you would like to speak to one of our existing customers, we are happy to arrange that. Please note that many customers wish to remain anonymous and not to serve as a reference due to the sensitivity of the work we perform. Naturally, we always comply with our customers' wishes. We do, however, have some clients who are happy to serve as references. Should you require validation of our consultants' certifications, we can arrange that as well.