Web Application Security


Web Application Security Assessment Services are individually tailored to the customer. The scope of the testing can range from a five-day remote web application test to many weeks of on-site, detailed investigation into one aspect of an application by a team of three or four consultants.


After an initial fact-finding and project scoping exercise with the Pentest project lead consultant and the client, a team of highly skilled consultants with complementary skill sets is typically assembled for the engagement. This ensures that the team’s knowledge, expertise and tool set offer complete coverage of the systems being tested, leaving no stone unturned.


Consultants engaged in time-limited web application tests will use attack methods and vulnerabilities in common use, our own in-house tools and established testing methodologies. Pentest consultants will simulate the skill level of the potential attacker, ranging from script kiddie to informed and highly skilled insider. This approach offers a far more realistic attack simulation than that offered by running a commercial vulnerability analysis tool. The automated tool approach used by some security consultancies has the benefit of being cost effective to run. However, this approach is aimed at the masses and is the equivalent of a scattergun approach, generating long and largely irrelevant reports. This method is unlikely to point the consultant towards the vulnerabilities representing the greatest threat to a client.


On completion of the test, the client receives a report detailing the attack methods used by the team and an analysis of their findings. The report will also provide an assessment of the level of risk presented by the vulnerabilities found and recommendations for remedial work. Finally, Pentest presents a summary of findings to management and appropriate technical groups, highlighting the relevant issues, supported by the technical content of the report.