Penetration Testing of Web Applications

Testing of web applications starts with getting to know the specific requirements of a particular client. During testing, all vulnerabilities are identified within the allotted time, the method of exploiting each vulnerability found is documented, and the method of gaining unauthorized user or administrator access to the server is documented.

What we offer

Depending on the objectives, we offer three options for application penetration testing. We will consult with you to find and select the right option for you.

  • Black box – the client provides only the URL of the web application. The tester maps the environment under test using the same methods that an attacker with no connection to the client organization would be forced to use.
  • White box – the sponsor provides all documentation for the web application under test, source code and an account with administrator rights. This approach can streamline the development of a well-secured application. It allows deeper problems to be detected: dangerous chains of partial vulnerabilities and flaws in the application logic.
  • Grey box – a compromise approach that allows penetration testing to be performed faster and in greater depth than black box. In this case, we will recommend, depending on the nature of the application under test, what type of information the client should provide.

Benefits

  • Automated testing and scanning using commercial and open-source tools;
  • Manual testing of outputs found in automated testing;
  • Detailed testing according to the OWASP methodology;
  • Listing of vulnerabilities classified according to risk;
  • Detailed description of vulnerabilities;
  • A detailed, documented process of possible exploitation of the identified vulnerabilities, accompanied by screenshots;
  • Complete source code of the scripts used and all commands used, so that all steps can be repeated;
  • Instructions for your IT department to make changes and fixes to eliminate security risks.

If you are interested in a quotation, please contact us. An online meeting will be arranged to estimate the total price.