Security testing FAQ

We offer security testing for all kinds of websites. This page contains answers to the most common questions we get asked about our services. For even more information, please read the penetration testing overview too.

How do I secure my website?
We believe it is important to consider security from the moment you begin designing a new website. If you take sensible precautions when building your site and then test it thoroughly, you can eliminate vulnerabilities before launching your site publicly. Our testing services can help you with this.
How much do your services cost?
We always tailor our service to fit the needs of each individual client. This means the price depends on the size and type of site and the scope of the testing.

The best way to find out how much it will cost to test your site is to contact us. Please send us as much information as you can, like the address of your website, the number of users and the scope of the testing. We will happily discuss the options and provide an accurate quotation for you.
What type of websites do you test?
We test both newly launched web applications and established websites. We work with clients of all sizes too, though most commonly we test large ecommerce websites which have complex functions. We can also test AJAX-driven community websites.
Who are your clients?
The nature of our work means our clients don't like us to reveal when we've helped them. However, most of them are online retailers. You can read our web penetration case studies for additional information.
When should I test my website?
You should thoroughly test your website for PCI compliance if it processes and stores credit card details. We also recommend testing the following types of website:
  • Ecommerce websites which sell real or digital items
  • Any other websites that deal with money or payments
  • Trusted information sources, like news sites and blogs
  • Sites that store sensitive information about visitors
  • Websites which are part of marketing or PR campaigns
My website uses a specific technology, like PHP or ASP. Can you test it?
Our penetration testing does not rely on your website being built with a particular technology. We test how robust and dependable the business logic on your site is. In other words, could an attacker access or modify restricted content or use technical glitches to their benefit?
What types of vulnerability can you find?
We stay up-to-date with the latest exploits and vulnerabilities (we're involved in OWASP, a worldwide community working to improve the security of web applications). Here are the most common damage-inflicting insecurities we test for:
  • SQL injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery
  • Business logic flaws
  • Broken authentication and session management
That's not all though; when we test a site, we always examine that site carefully and use our own experience and expertise to check every area we feel could be vulnerable.
How do I get more information?
The fastest way to find out about our service is to get in touch with us. We can provide a no-obligation quote for testing your site, or simply discuss your requirements in more detail. You can also read more about us and our penetration testing services on this site.

Our partners

    Open web applications security project

Try free poker timer