WEB APPLICATION PENETRATION TESTING
More than 70% of all technical attacks are aimed at the web application layer. Symantec reported in 2019 that 70% of all websites can be hacked.
This service examines your web applications from a coding and implementation flaw perspective, and also looks at issues such as SQL injection, local and remote file inclusion, and cross-site scripting (XSS). It involves attempts to actively exploit vulnerabilities in order to gain access to the web application, the underlying database services and the hosting server system itself. We follow the Pentest Standard (pentest-standard.org), SANS Top 25 and OWASP testing methodologies.
In a Web Application Vulnerability Assessment, which is a cost-effective alternative to a Web Application Penetration Test, we only report on the flaws without actively exploiting them.
Web App Penetration Tests performed against
Websites
Portals
Cross-connected APIs
Underlying databases
Flaws we often find in a Web Application Penetration Test
Cross Site Scripting (XSS)
SQL Injection
Authentication Bypass / Session Hijacking
Local and Remote File Inclusion (LFI / RFI)
Deliverables
Full report (executive summary and in-depth technical report)
Testing only at agreed testing times (e.g. nights, weekends)
Mitigation advice on encountered vulnerabilities
Never running malicious exploits or DDoS tests unless agreed by the client
Instant notification of critical vulnerabilities found during the testing phase
Secure report delivery by encrypted email
References and Certifications
If you would like to speak to one of our existing customers, we are happy to arrange that. Please note that many customers wish to remain anonymous and not to serve as a reference due to the sensitivity of the work we perform. Naturally, we always comply with our customers' wishes. We do, however, have some clients who are happy to serve as references. Should you require validation of our consultants' certifications, we can arrange that as well.