web application testing

protecting your critical web applications

A web application is a broad term for an application which can be accessed by users through a web browser. That access may be public, restricted to a specific private network, or via an interface such as an API.

The importance of web applications cannot be overstated, and apps such as websites, third-party software and ecommerce platforms are often pivotal to the day-to-day operation of your organisation.

The security of web applications is therefore vital and needs to be considered at all stages, from development through to deployment.

the benefits of web application testing

assurances throughout the development lifecycle

Security needs to be considered throughout the application development lifecycle, and regular web application tests should cover initial development, go-live and subsequent releases. We can issue a letter of opinion following testing, providing customers and stakeholders with the security assurances they need.

provide security assurances during procurement

Procuring a third-party web application can solve problems for your organisation, but if that web app is compromised it could also create issues. Web application testing provides the security assurances you need during the procurement process, working closely with you and your third-party developers to ensure applications meet requirements.

prevent wider cyber-attacks

Vulnerable web applications can often provide attackers with an initial foothold as part of a wider attack against your organisation. Our web application tests allow you to identify and classify your most critical web application vulnerabilities, providing you with vital remediation advice.

protect your company reputation

A compromised web application can ultimately lead to financial, operational and reputational damage for both client and developer. Web applications therefore need to be tested on a regular basis, helping you to protect your organisation and clients from damaging cyber threats.

what we test

Our web application testing is tailored to your requirements, whether you’re looking to test the entire application or just specific areas of functionality.

Examples of the types of vulnerabilities we look for and the areas we assess include:
  • Native apps
  • Authentication
  • Authorisation and access control
  • Cross-site scripting (XSS)
  • SQL injection 
  • Other injection vulnerabilities
  • Cross-site request forgery (CSRF) 
  • Server-side request forgery (SSRF) 
  • Insecure file upload 
  • XML-related issues
  • Unsafe deserialisation
  • Business logic flaws 
  • Unnecessary information disclosure 

It is impossible to exhaustively cover all possible security vulnerabilities that may affect a web application. Consequently, the aim of our test methodology is to act as a baseline, with additional tests and checks being performed when necessary.

our approach

Every web application test we conduct goes through a rigorous process, ensuring you get the best possible outcome for your business. Below we outline the key stages our penetration testing goes through:

1. scoping

We work with you to fully understand your organisation, the web application in question and the desired test outcomes.

2. proposal & prerequisites

A proposal will be drawn up outlining the planned scope of work and the preparations needed to start testing.

3. testing

Our consultants are given access to the web application, using their expertise to evaluate the product from a security standpoint.


4. ongoing communication

Our consultants will communicate with you throughout the test, to your set requirements.

5. reporting

A comprehensive, quality assured report of test findings will be delivered.

6. post-test support

Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts.

7. retest

You have the option to retest, ensuring reported vulnerabilities have been addressed.

why choose us?

Our web application tests are designed to support your organisation’s overall information security efforts. It’s this support that truly sets us apart and our team is dedicated to reducing your cyber threat, to pass on our wealth of expertise and to provide you with the security assurances required.

experience and expertise

Our team of security consultants have years of experience and a depth of expertise in web application testing. We invest significant time into security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.

dedicated contact throughout

Every organisation we work with is assigned a dedicated account manager. Our account managers understand the complexity of coordinating tests and will work with you throughout the process to ensure your test runs smoothly.

testing tailored to your business

No two organisations are the same and neither are our web app tests. We work closely with you to fully understand your goals, the application in question, security challenges, operational needs and priorities before we undertake any work.

quality reporting

Every penetration test report undergoes an internal QA process and is peer reviewed. Our reports provide you with a managerial overview of findings, an in-depth technical review of the vulnerabilities found and our remediation advice.

post-test support

Our job doesn’t finish on the delivery of a report: our expert consultants will be available to answer any questions, to share their expert knowledge, and to provide remediation support to internal development teams or external suppliers.

optional retest

We can include an optional retest in our testing, making sure issues have been understood and remediation efforts have been implemented as effectively as possible.

added value

Value is about more than just cost. Our value comes from scoping engagements accurately, our detailed reports, providing your team with post-test support, the expert knowledge we impart and by going above & beyond the tick box deliverables used by other information security providers.