Combined Infrastructure and Web Application Penetration Test

Description

Our combined infrastructure and web application penetration test is built upon an established bespoke methodology primarily based upon the OWASP Top 10 Application Security Risks 2017 and OSSTM (Open Source Security Testing Methodology) for networks. This approach emulates the techniques of an attacker, using many of the same readily available tools. This enables a full assessment of the key components of the web applications and external network infrastructure.

The identified vulnerabilities are presented in a format that allows you to assess your organisation’s relative business risk and the cost of remediation.

Your challenge

Penetration testing is also an essential component of any ISO 27001 ISMS (information security management system) – from initial development through to ongoing maintenance and continual improvement.

Technical vulnerabilities affecting your information technology assets can be exploited by external attackers. These vulnerabilities – such as unpatched software, inadequate password and access control, and insecure applications – can put your entire information security management system at risk of failure or increase the time and money spent on its implementation.

Benefits

Our penetration test will help you:

• Gain real-world insight into vulnerabilities, including unpatched software, inadequate passwords, poorly coded websites and insecure applications;
  
• Discover the most vulnerable route through which an attack could be made; and
  
• Find any loopholes that could lead to the theft of sensitive data.
  

Our service offering

• A review of the testing environment to assess your application and network, and identify information that would be useful to a criminal hacker. 
  
• A range of manual tests using a methodology closely aligned with the OWASP (Open Web Application Security Project) and OSSTM.
  
• A series of automated vulnerability scans. 
  
• Immediate notification of any critical vulnerabilities to help you act quickly. 
  
• A detailed report that identifies and explains the vulnerabilities (ranked in order of significance). 
  
• A list of recommended countermeasures to address any identified vulnerabilities. 
  
• An executive summary that explains what the risks mean in business terms. 

Conditions

• The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates or a combination of the two.
  
• Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
  
• Testing will not include file upload testing.
  
• This test is available as either an internal or external test.
  
• Consultant expenses related to travelling, etc. are not included in the price.
  
• On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  
• Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
  
• The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 am to 5:30 pm).
  

Why choose us?

• Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our consultants have strong technical knowledge and a proven track record in finding security vulnerabilities. They carry out testing in a safe manner and advise on appropriate mitigation measures to ensure your systems are secure.
• Our CREST-certified penetration testing team will provide you with clarity, technical expertise and peace of mind.
  

Customer Reviews

(0.00)stars out of 5

# of Ratings: 0