Web application penetration testing is a point-in-time security assessment of a web application and web server. The web application assessment is a consultant-led manual security test, helping identify security issues with all core application functionality (detailed below). Testing provides clear remediation instructions for discovered security issues, allowing your team to fix them.
Our internal web application penetration testing methodology is based on the OWASP (Open Web Application Security Project) testing methodology, covering all areas of the OWASP Top 10. Additionally, our methodology base includes the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES). Our full web app penetration testing methodology is available on request.
| Service | Price | Description |
|---|---|---|
| Web Application | £2,000 | Price for a manual web application penetration test for a single web application consisting of fewer than 100 static/dynamic pages, 3 levels of authentication. The web app security test includes file upload testing and all areas of the OWASP testing methodology. |
| Web Application 2 | £3,000 | Price for a manual web application penetration test for a single web application consisting of fewer than 200 static/dynamic pages, 5 levels of authentication. The web app security test includes file upload testing and all areas of the OWASP testing methodology. |
The OWASP top 10 are listed below:
In short, the OWASP Top 10 represents the 10 most critical web application security issues and vulnerabilities.
Working with you to identify all systems / applications that need testing.
Web App Penetration Testing
Hands-on penetration testing is completed by our CREST-accredited team; this process uses a large range of attack methodologies.
Delivering a clear, easy-to-understand, severity-ordered report, detailing identified issues and associated remediation steps.
Further explanation and demonstrations of vulnerabilities / exploits.
Free re-testing is included with all our services, helping your business reduce security risks.
Execute a real-world attack and understand the level of risk that exists at a single moment in time.
Complement your automated scanning to better identify and validate all security vulnerabilities.
Provide management with an understanding of the level of risk introduced by the web application.
Plan a cost-effective and targeted mitigation approach from identified security issues.
Various standards such as ISO27001 and PCI DSS require a penetration test.
Create a foundation for future decisions regarding information security strategy and resource allocation.