WEB APPLICATION PENETRATION TESTING

Identify vulnerabilities on your website & web applications which could lead to unauthorised access or data exposure.

Uncover critical flaws in your website and web applications

Need to be certain? Robust testing methodologies applied by experienced, CREST-accredited pen testing professionals arm you with the confidence that your security is rigorously tested, using the same techniques a hacker would use.

Experienced CREST-certified testing team

Employing the latest testing strategies to provide a rigorous ‘real-world’ test of your security controls.

Rigorous pen testing methodologies

Testing methodology uses OWASP and PTES standards, tailored per organisational requirements.

Highly tailored pen testing programmes

Every test is uniquely defined to fit your requirements, with step-by-step details in a scoping document (SOW).

Actionable risk-based report

Evidence of vulnerabilities identified, including their CVSS score (Common Vulnerability Scoring System).

About Comtact Ltd.

24/7 Security Operations Centre (SOC)

Located at the heart of a high-security Tier 3 data centre, Comtact’s Security Operations Centre (SOC) team operate round the clock, as part of an integrated, multi-layered security defence.

Website & Web Application Tests

  • Web app penetration testing identifies flaws in websites, extranets, or internally developed applications.
  • From web-based portals to online shopping, web apps represent a constant challenge to secure - and a frequent opportunity for attack.
  • Internet-based web applications are, by their nature, globally accessible and easily probed or manipulated from anywhere.
  • Reveal real-world exploitable vulnerabilities on websites & web applications exposed to the internet.

Comtact have afforded us quicker response times, reducing the noise of verbose alerts, cutting resolution time, saving lost revenue and avoiding user frustration. Simply, Comtact lets us see the wood from the trees.

Adrian Hollister
Plymouth University

Best practice methodology

Step 1

Scoping and planning

Agreement of scope, as well as controls, methodologies and communication.

Step 2

Intelligence gathering

Sources include search engines, open source frameworks, dark web…

Step 3

Pen test execution

To compromise and confirm how exploitable the vulnerability is.

Step 4

Reporting & analysis

Detailed report, suitable for both technical & non-technical staff.

Step 5

Discussion & recommendations

Guidance on the required steps to remediate discovered issues.

Penetration test report (sample)

Summary: Overview of key threats and business risks, in a high-level format suitable for non-technical Directors.

Technical: Outlines the steps taken by Comtact's testers to breach the network/defences, remediations and supplemental information suitable for IT teams.

Risk scoring: Report includes a vulnerability scoring system to rate issues discovered, based on severity.

Remediation & next actions: Recommendations and guidance on the steps necessary to remediate discovered issues.

Questions and answers

Q What does a web application penetration test involve?

Using the same techniques a hacker would use – but with a defined and controlled methodology, our skilled pen testers use the full range of strategies in their toolkit to replicate a ‘real-world’ cyber attack – a highly effective test of your security defences.

Firstly, we gather intelligence from publicly available sources to identify opportunities and vulnerabilities to exploit that can lead to unauthorised access.

With agreement, we would attempt to exploit identified vulnerabilities to confirm the risk to your organisation – a true evaluation of the threats faced today.

Q What are the goals of a penetration test?
  • Determine feasibility of a particular set of attack vectors.
  • Identify any vulnerabilities which are present, including high-risk ones that result from a combination of lower-risk vulnerabilities exploited in sequence.
  • Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
  • Assess the potential business and operational impacts of successful attacks.
  • Test the ability of network defenders to detect and respond to attacks.
  • Justify increased investment in security personnel and technology.

Q What is Black box and White box pen testing?

Black box: A penetration test performed without any influence or direction from the business on what vectors to attack.

White box: A penetration test performed according to pre-determined guidelines set out by the client.

Grey box: A penetration test performed with partial guidance, like a map of the network, but where other aspects must be achieved during the project, like administrative access.
