About our penetration testing

We test the security of websites and web applications using a mix of automated penetration testing tools and manual vulnerability testing.

Our penetration testing service is designed to expose weaknesses which could be exploited by hackers. Undetected, such problems could cause inconvenience, damage your reputation and even lose your business money.

Do we need testing?

If your website processes payments and stores credit card details you will need to perform penetration testing in order to achieve PCI compliance. We also recommend testing the following kinds of site:

  • Ecommerce websites which sell real or digital items
  • Any other websites that deal with money or payments
  • Trusted information sources, like news sites and blogs
  • Sites that store sensitive information about visitors
  • Websites which are part of marketing or PR campaigns

Remember: a security breach can harm you in many ways. If your website is defaced, your company's image will suffer.

We particularly recommend penetration testing for websites offering IT-related services. This is because visitors will judge you by the quality of your own website.

Our approach

As web applications have become more sophisticated, the chance of security issues emerging in them has also increased. Our aim is to find these before they damage your business.

To do this effectively, our penetration testing combines the advantages of automated and manual testing:

  • Automated testing allows us to check typical attack vectors and exhaustively test for common vulnerabilities.
  • Manual testing by a security expert lets us test different variables to find site-specific problems.

We carefully examine a web application's functionality when constructing our test plan. The manual tests are designed specifically for each web application, so we probe for weaknesses most effectively.

This considered, tailored approach offers significant benefits over using only automated tools and maximises the chance of vulnerabilities being uncovered.

What we test

Our testing looks at all areas where vulnerabilities can occur, including:

  • SQL injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery
  • Business logic flaws
  • Broken authentication and session management

We check for server misconfiguration and look for malware injection and remote code execution opportunities which could leave you vulnerable.

We also examine your website's business logic in order to see how robust and dependable it is. For instance, we look to see if we can access or modify restricted content, see customer details or place an order without paying.

Our testing does not depend on your website being built with a particular technology. However, we have experience with AJAX, JavaScript, MySQL, PHP, ASP.NET and other common web technologies, which helps us to identify possible attack vectors more efficiently.

The outcome

Once we have concluded the testing process, we supply you with a comprehensive report explaining any issues we uncovered. The report contains all the information your development team will need to resolve the problems.

All our reports are compiled manually. This offers several advantages over automatically-generated reports. For instance, when rating the severity of a problem, we can consider the likely damage to your business as well as the likelihood of someone exploiting the vulnerability.

If requested, we can also offer further consultancy, advice on how to resolve issues with your site or even a step-by-step demonstration of how the vulnerability could be exploited.

Ready to start?

Please contact us for more information about the service. If you'd like us to quote for testing your site, send us as many details as you can, including the website address and the scope of testing.

You can also find out more about us or read our FAQ.

Our partners

    Open Web Application Security Project
