Penetration Testing of Web Applications

Web application testing begins with getting to know the specific requirements of the client. During the test, all possible vulnerabilities are identified within the allocated time. In addition, we document how each vulnerability can be exploited and how unauthorized user or administrator access to the server can be gained.

What we offer

We offer three options for penetration testing of applications, depending on the goals set in advance. We will go through all the options with you to find and choose the one that suits you.

Black box – the client provides only the URL of the web application. The tester maps the tested environment using exactly the same methods that an attacker with no access or connection to the client's organization would have to use.

White box – the client provides all available documentation for the submitted web application, together with the source code and an account with administrator rights. This approach can effectively streamline the development of a well-secured application. With this option, it is possible to detect much more complex problems, such as dangerous chains of partial vulnerabilities and errors in the application logic.

Gray box – a compromise approach which, in contrast to black box, allows for faster and deeper penetration testing. In this case, we recommend what type of information the client should provide, depending on the nature of the tested application.

Benefits

  • Automated testing and scanning using commercial and open-source tools
  • Manual testing of the outputs detected during automated scanning
  • Detailed testing according to the standard OWASP methodology
  • List of findings and vulnerabilities classified according to risk
  • Detailed description of vulnerabilities
  • Detailed, documented procedure for possible exploitation of identified vulnerabilities, with screenshots attached
  • Complete source code of the scripts used, together with all commands used, so that all steps can be repeated
  • Detailed instructions for your IT department, with our recommended changes and corrections needed to eliminate possible security risks

If you are interested in a quotation, please contact us. An online meeting will be arranged to estimate the total price.