Simply make an appointment online for a non-binding and free initial consultation with one of our employees.Arrange Call
Web Penetration Testing is, as the name implies, a penetration test that is is focused exclusively on a web application and not on a network or enterprise. The underlying concept and objectives for detecting security vulnerabilities and for Strengthening defence mechanisms are identical. In fact, many of the same Tools and attack vectors used during deployment. The main difference lies in the methodology used by the Web Penetration Tester to create a footprint or a Map Web application functionality and then query entry points (usually user-defined input fields).
Penetration tests are carried out by our specially trained analysts according to recognised standards. planned, and evaluated.
Penetration tests carried out by us are an agile process and are carried out in close consultation with the customer.
The preparation of the pentest takes place in the context of a kick-off meeting with the technical and organizational responsible persons of your company. The framework conditions to be tested are specified, necessary user accounts and access routes are agreed, contact persons and escalation routes are defined and the pentest is discussed in detail together.
Our analysts try to collect as much information as possible. Based on this information, analysis strategies are developed to identify possible attack vectors. These attack vectors are then examined for vulnerabilities in extensive tests.
In this phase, an attempt is made to actively exploit the identified vulnerabilities in order to gain access to the target systems. Depending on the service or technical environment, our pentester writes new exploits or uses existing ones. Potential vulnerabilities can turn out to be false positives. Only verified vulnerabilities are included in the final report and classified according to their criticality.
You will receive a comprehensive final report consisting of a Management Summary and a Technical Report. The criticality of the weak points and recommendations for action are described in detail.
In this phase, the identified weak points are eliminated by your company. If required, you will be supported by our experienced security engineers.
After the remediation you have the opportunity to have us carry out a follow-up check. Here we check the effectiveness of your measures and adjust the result report.
In this final discussion, all critical points in the results report are discussed and all final questions clarified.
Request a sample report or our service portfolio today. We will be happy to assist you!
The following section describes our test modules. Basically, the longer our analysts examine your web application, the more meaningful the results will be. If you have special requirements, we will be happy to make you an individual offer.