We test the security of websites and web applications using a mix of automated penetration testing tools and manual vulnerability testing.
Our penetration testing service is designed to expose weaknesses which could be exploited by hackers. Undetected, such problems could cause inconvenience, damage your reputation and even lose your business money.
If your website processes payments and stores credit card details you will need to perform penetration testing in order to achieve PCI compliance. We also recommend testing the following kinds of site:
Remember: a security breach can harm you in many ways. If your website is defaced, your company's image will suffer.
We particularly recommend penetration testing for websites offering IT-related services. This is because visitors will judge you by the quality of your own website.
As web applications have become more sophisticated, the chance of security issues emerging in them has also increased. Our aim is to find these before they damage your business.
To do this effectively, our penetration testing combines the advantages of automated and manual testing:
We carefully examine a web application's functionality when constructing our test plan. The manual tests are designed specifically for each web application, so we probe for weaknesses most effectively.
This considered, tailored approach offers significant benefits over using only automated tools and maximises the chance of vulnerabilities being unconvered.
Our testing looks at all areas where vulnerabilities can occur, including:
We check for server misconfiguration and look for malware injection and remote code execution opportunities which could leave you vulnerable.
We also examine your website's business logic in order to see how robust and dependable it is. For instance, we look to see if we can access or modify restricted content, see customer details or place an order without paying.
Our testing does not depend on your website being built with a particular technology. However, we have experience with AJAX, Javascript, MySQL, PHP, ASP.NET and other common web technologies which helps us to identify possible attack vectors more efficiently.
Once we have concluded the testing process, we supply you with a comprehensive report explaining any issues we uncovered. The report contains all the information your development team will need to resolve the problems.
All our reports are compiled manually. This offers several advantages over automatically-generated reports. For instance, when rating the severity of a problem, we can consider the likely damage to your business as well as the likelihood of someone exploiting the vulnerability.
If requested, we can also offer further consultancy, advice on how to resolve issues with your site or even a step-by-step demonstration of how the vulnerability could be exploited.
Please contact us for more information about the service. If you'd like us to quote for testing your site, send us as many details as you can, including the website address and the scope of testing.
You can also find out more about us or read our FAQ.
Try free poker timer