Reliable security assessments for a secure web application

We are IT security experts who help you secure your web applications and IT infrastructures.

We use proven hacking methods and techniques used by real hackers.

Get personal advice for determining the appropriate security assessment.

Manual and automated security tests combined for thorough test results of your security.


Secure your company and customer data. Keep up your reputation. Prevent leakage of privacy-sensitive or valuable data.


All Vulnerabilities

Manual and automatic checks on all types of vulnerabilities, such as SQL injections, Cross-site scripting, weak passwords, hidden files, and much more.


Single or Periodic Tests

Decide whether you prefer a one-time pentest, re-test, or periodic security checks on your web application. We are happy to think along with you for a suitable solution.


Proven Track Record

Having successfully supported 200+ different organizations (multinationals, SMEs, public, non-profit), we have established a proven track record.


Report Options

Availability of multiple report formats, including comprehensive developer reports, concise management reports, and reports based on the OWASP Top 10 or NCSC guidelines.


Personal Support

Receive personal support during the entire security process, from the intake to planning, preparing, testing, discussing testing results, fixing vulnerabilities, and re-testing.


Code Review and Static Code Analysis

Certified (OSCP, OSWE, CISA, CISSP) and experienced web security and web development experts can manually analyze or perform static code analysis on the source code if the code is available.


Support for all Technologies

Support for all types of web techniques, such as PHP, .NET and Java. We also have broad experience with portals and CMSs, such as WordPress, Drupal, Magento, Joomla and TYPO3.


Customized Pentests

Based on the test goal, client requirements and information available beforehand, we conduct customized black-box, grey-box, white-box, crystal-box and time/budget-box pentests.


Security Trustmark Logo

Show you highly value data security and boost consumer trust. Place the Web Security Scan Trustmark logo on your website when no severe vulnerabilities have been found.

Test your Web Application Security

Test your web application for security threats and vulnerabilities. Plan a vulnerability scan or request an in-depth penetration test.

Check our Prices

Why perform a pentest?

More than 4,5 billion data records compromised in first half of 2018

Findings in the Breach Level Index by Gemalto indicate that more than 4,5 billion records have been comprised in the first half of 2018, exposing the records of millions of individuals. Many of these records include personal information, such as client data.

Organizations are failing to deploy adequate cyber security tools and processes that are needed to prevent these types of attacks from occurring. By performing a pentest, organizations obtain insight in their IT-security and can take appropriate measures to prevent cyberattacks and compromisation of sensitive data.

Type of web application attacks in 2018

The top attack types used against web applications in 2018 were SQL-injection (44%), local file-inclusion (39%), and cross-site scripting (10%).

These attacks continue to dominate, as they work more often than not against unprotected websites. Conversely, if your website protections are not actively blocking this sort of traffic, there is a greater risk that these sorts of attacks potentially impact your organization.

76% of scanned web applications were found to have vulnerabilities

Research by Symantec shows that a stunning 76% of all web applications scanned contain vulnerabilities. Cross-Site Scripting and Information Leakage prove to be most frequent vulnerabilities in the applications.

Recommended by the Dutch National Cyber Security Centre

The National Cyber Security Centre (NCSC) of the Dutch government state in the ICT-Security Guidelines for Web Applications (version 2015, guideline C.05) that an periodic black-box scan should be performed as technical audit function, with the full functionality of the web application being scanned.

“A blackbox scan emulates a hacker's approach the best, since the scanner has no knowledge beforehand about the web application that will be tested for vulnerabilities. Tools to perform black-box scans are known as Web Application Scanners (WAS). A WAS performs a large number of tests on a web application, e.g. tests or several variants of SQL-injection and XSS.”


Knowledge and Experience from Web Development

Web Security Scan is part of DongIT. We conduct security assessments/penetration tests and we develop secure web applications. Knowledge and experience from web development is used for pentesting and vice versa. This gives the Web Security Scan's quality of service just that bit of extra.

data separate line top

Manual and Automated Tests Combined


We manually interact with your web application to analyse its behavior. In contrast to many security services we don't simply run our security software. We use the combination of manual and automated tests for the most accurate and thorough results.

data separate line bottom

Proven Hacking Methods and Techniques


We are IT security experts that help you secure your web applications. We use proven hacking methods, techniques and software, used by real hackers.