Reliable security assessments for a secure web application
We are IT security experts who help you secure your web applications and IT infrastructures.
We use proven hacking methods and techniques used by real hackers.
Get personal advice for determining the appropriate security assessment.
Manual and automated security tests are combined to give thorough results.
Secure your company and customer data. Protect your reputation. Prevent leakage of privacy-sensitive or valuable data.
Manual and automatic checks on all types of vulnerabilities, such as SQL injections, Cross-site scripting, weak passwords, hidden files, and much more.
Single or Periodic Tests
Decide whether you prefer a one-time pentest, re-test, or periodic security checks on your web application. We are happy to think along with you for a suitable solution.
Proven Track Record
Having successfully supported 200+ different organizations (multinationals, SMEs, public, non-profit), we have established a proven track record.
Availability of multiple report formats, including comprehensive developer reports, concise management reports, and reports based on the OWASP Top 10 or NCSC guidelines.
Receive personal support during the entire security process, from the intake to planning, preparing, testing, discussing testing results, fixing vulnerabilities, and re-testing.
Code Review and Static Code Analysis
Certified (OSCP, OSWE, CISA, CISSP) and experienced web security and web development experts can manually analyze or perform static code analysis on the source code if the code is available.
Why perform a pentest?
More than 4.5 billion data records compromised in the first half of 2018
Findings in the Breach Level Index by Gemalto indicate that more than 4.5 billion records were compromised in the first half of 2018, exposing the records of millions of individuals. Many of these records include personal information, such as client data.
Organizations are failing to deploy the cyber security tools and processes needed to prevent these types of attacks. By performing a pentest, organizations gain insight into their IT security and can take appropriate measures to prevent cyberattacks and the compromise of sensitive data.
Types of web application attacks in 2018
The top attack types used against web applications in 2018 were SQL injection (44%), local file inclusion (39%), and cross-site scripting (10%).
These attacks continue to dominate, as they work more often than not against unprotected websites. Conversely, if your website protections are not actively blocking this sort of traffic, there is a greater risk that these attacks will impact your organization.
76% of scanned web applications were found to have vulnerabilities
Research by Symantec shows that a stunning 76% of all web applications scanned contain vulnerabilities. Cross-site scripting and information leakage prove to be the most frequent vulnerabilities in the applications.
Recommended by the Dutch National Cyber Security Centre
The National Cyber Security Centre (NCSC) of the Dutch government states in the ICT-Security Guidelines for Web Applications (version 2015, guideline C.05) that a periodic black-box scan should be performed as a technical audit function, with the full functionality of the web application being scanned.
“A black-box scan emulates a hacker's approach the best, since the scanner has no knowledge beforehand about the web application that will be tested for vulnerabilities. Tools to perform black-box scans are known as Web Application Scanners (WAS). A WAS performs a large number of tests on a web application, e.g. tests for several variants of SQL injection and XSS.”
Knowledge and Experience from Web Development
Web Security Scan is part of DongIT. We conduct security assessments and penetration tests, and we develop secure web applications. Knowledge and experience from web development are used for pentesting and vice versa. This gives Web Security Scan's quality of service that little bit extra.
Manual and Automated Tests Combined
We manually interact with your web application to analyse its behavior. In contrast to many security services, we don't simply run our security software. We combine manual and automated tests for the most accurate and thorough results.
Proven Hacking Methods and Techniques
We are IT security experts who help you secure your web applications. We use proven hacking methods, techniques and software used by real hackers.