Skip to Main Content
Learn for less: Save 25% on high-quality instructor-led and self-paced foundation training. Find out more
Combined External Infrastructure and Web Application Penetration Test

Combined External Infrastructure and Web Application Penetration Test

SKU: 4452
Format: Penetration test
  • Identify potential vulnerabilities in your external infrastructure and web applications.
  • Gain real-world insight into vulnerabilities, including (but not limited to) insecure and misconfigured services, unpatched services and software, poor input validation, insecure authentication and misconfigured access controls.
  • Demonstrate a strong security posture to clients by providing third-party assurance that your external infrastructure and web applications are secure.
  • Work with one of the leading penetration testing companies in the UK, offering one-to-one expert advice at any stage of the engagement.

 

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service
Overview

Our Combined External Infrastructure and Web Application Penetration Test is built upon an established bespoke methodology, emulating the techniques of an attacker and using many of the same readily available tools.

This enables a full assessment of the key components of the web applications and external network infrastructure, covering:

  • How secure your public-facing infrastructure is and whether it has been suitably hardened;
  • If your patch policy is sufficient;
  • How your authentication mechanism works and the security of your password requirements;
  • Weaknesses in your encryption configuration; and
  • User access privileges, authorisation and server configurations.

Download the service description for the full list


At the end of the testing, you will receive a comprehensive report covering:

 Executive summary

A high-level, non-technical summary of vulnerabilities identified and your business’s risks.

 Testing details

A detailed description of the methodologies followed and the scope of testing.

 Vulnerability findings

Overview, consultant’s commentary and detailed descriptions of each technical vulnerability identified, with remediation advice.

Download the full service description


Methodology

The test will be performed using IT Governance’s proprietary security testing methodology, which is closely aligned with the SANS, OSSTMM (Open Source Security Testing Methodology Manual) and OWASP (Open Web Application Security Project) methodologies.


Who is the service for?

This service is suitable for most organisations that have public-facing web applications and underlying infrastructure such as company websites, customer portals or e-commerce websites.

Benefits

Benefits of this service

Get real-world insight into your vulnerabilities

Identify and understand the technology-related vulnerabilities affecting your network, and the business impacts these present.

Safeguard your organisation

From the detailed report, you will be able to implement secure measures (such as strong authentication and session management controls, and keeping untrusted data separate from commands and queries), thereby reducing the likelihood of a security breach while protecting your brand.

Demonstrate strength to key stakeholders

Demonstrate a strong security posture to clients by providing third-party assurance that your external infrastructure and web applications are secure.

Supports best practice

Supports compliance with the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001, the UK DPA (Data Protection Act) 2018 and the GDPR (General Data Protection Regulation), as well as other laws, regulations and contractual obligations.

Safeguard your brand

Protect brand loyalty and corporate image by reducing the likelihood of a security breach.

Technical and non-technical descriptions

Our expert consultant will provide you with updates throughout your project, from both technical and non-technical perspectives.

Finding vulnerabilities since 2010

Our established UK penetration testing team has extensive testing experience that ensures clients receive a comprehensive service.

Why IT Governance?

Why choose IT Governance?

  • Our CREST-certified penetration testing team will provide you with clarity and technical expertise, as well as peace of mind that your external infrastructure and web applications have been reviewed by experienced testers in line with your business requirements.
  • Get one-to-one expert advice at any stage of the engagement, along with an end-of-test debrief and answers to queries following the issue of the report.
  • Our detailed reports describe any identified business risks from both technical and non-technical perspectives.
  • Our UK penetration testing team has been operational since 2010, amassing extensive testing experience that ensures clients receive a comprehensive service.

Customer Reviews

(4.50)stars out of 5
Number of reviews: 2
1. on 28/01/2022, said:
4 stars out of 5
The whole project from early discussion to testing, report generation and de-briefing was very easy and simple and IT Governance Penetration Testers demonstrated a great deal of technical knowledge and we were treated in a thoroughly professional manner throughout the engagement. Completely met our expectations. Comprehensive service delivered that met with our demanding expectations - thoroughly recommended
2. on 27/01/2022, said:
5 stars out of 5
Our company had a need to conduct a Black-Box standard Combined Infrastructure/Web App Test. It was an Information Security requirement we want to go beyond the Cyber Essentials test and replicate as near possible an “real World “scenario. A pleasing, Un complicated pre-engagement phase was completed with IT Governance Testers and our Account Manager. The testing programme was delivered completely in line with our expectations. The professional approach taken by all involved in delivering this particular service at IT Governance was especially noteworthy– The test report documentation was excellent and fully meet our specific requirements. A value for money solution, I definitely can recommend IT Governance to carry out any specific testing requirements; from the most simple to the most complex: 5 Star product and service received.
Showing comments 1-2 of 2
This website uses cookies. View our cookie policy
SAVE 25% ON
FOUNDATION TRAINING
Loading...