More than 70% of all technical attacks are aimed at the web application layer. Symantec reports in 2019 that 70% of all websites can be hacked.

This service examines your web applications from a coding and implementation flaw perspective, but also looks at issues like SQL injection, local and remote file inclusion as well as cross-site-scripting (XSS). It involves attempts to actively exploit vulnerabilities in order to gain access to the web application, underlying database services and hosting server system itself. We follow Pentest Standard dot org, SANS Top 25 and OWASP testing methodologies.

In a Web Application Vulnerability Assessment, which is a cost effective alternative to a Web Application Penetration Test, we only report on the flaws without actively exploiting them.

Web App Penetration Tests performed against

  • Websites

  • Portals

  • Cross-connected APIs

  • Underlying databases

Flaws we often find in a Web Application Penetration Test

  • Cross Site Scripting (XSS)

  • SQL Injection

  • Authentication Bypass / Session Hijacking

  • Local and Remote File Inclusion (LFI / RFI)


  • Full report (executive summary and in-depth technical report)

  • Testing only at agreed testing times (i.e. at nights, weekends, etc.)

  • Mitigation advice on encountered vulnerabilities

  • Never running malicious exploits or DDoS tests unless agreed by client

  • Instant notification of critical vulnerabilities found during testing phase

  • Secure report delivery by encrypted email

Why PrimoConnect?

  • We are experts in Penetration Testing / Ethical Hacking, Cyber Security and Infrastructure Design

  • We are an independent third party concerned with finding & fixing flaws and improving infrastructure design

  • No conflict of interest. We will never work on both you offensive security testing and defensive IT infrastructure management simultaneously

  • Consultants holding the highest industry and government certifications

  • Experience across all sectors and business sizes

  • Dedicated Red Team approach with specialists in all technologies

  • Using international testing frameworks such as: OWASP, NIST, SANS, etc. as well as standards including: ISO 27001, PCI DSS, Cyber Essentials and GDPR

  • Your security is our priority!

Download Flyer and Sample Reports

References and Certifications

If you would like to speak to one of our existing customers, we are happy to arrange that. Please note that a lot of customers wish to remain anonymous and not to serve as a reference due to the sensitivity of the work we perform. Naturally we always comply with our customers. We do however have some clients who are happy to serve as references. Should you require validation of our consultant’s certifications, we can arrange that as well.

Get a free quote today…