Penetration Testing

Mon-Fri, 9am - 6pm CET

Do you want to check the security of your web application? Or do you want to perform a security test ahead of an upcoming audit? Web Security Scan's certified security experts (CISA, CISSP, CEH) conduct penetration tests, also known as pentests or ethical hacking tests, on web applications and underlying systems in order to identify security risks and weak spots that hackers can abuse.

Our certified security experts, also known as ethical hackers or white-hat hackers, carefully scrutinize your website using manual testing methods, checking for the most recent vulnerabilities and security flaws. Test results are presented in a comprehensive report with findings, clear recommendations (i.e. solutions for resolving and preventing security issues) and advice regarding the overall security of your web application.

Optionally, a control test (re-test) can be requested on specific components after previously found vulnerabilities have been fixed. This way you will immediately see whether the measures taken have been sufficient.

Start with Penetration Testing

Do you know which pentest you need? Request a quote directly. Go to "Get a Quote" and enter the relevant information on the form. Within 24 hours we will contact you to discuss further coordination.

Are you unsure which type of pentest suits you best? See our "Plans & Pricing" for several possibilities.

Would you prefer personal advice from an expert? Or do you wish to analyze your own situation and possibilities? Give us a call or go to "Contact Us" and fill in your contact details. A security adviser will contact you within 24 hours.

Specific Penetration Tests

Do you want a specific penetration test for one of the following topics? We know what is expected of you and of us in the context of these subjects. Reports are customized to the specific topic.

CMS Pentest

Test the security of your Content Management System with specifically developed testing methods.

10 - 40 hours (average indication)

ISO27001 ISMS Pentest

Check the current security status of your ISO27001 Information Security Management System. Perform a pentest as part of the Plan-Do-Check-Act cycle.

24 - 48 hours (average indication)

Different Types of Penetration Tests

Web Security Scan performs various types of penetration tests, depending on the objectives and customer needs. The difference between the various tests lies in the amount of knowledge and background information that the tester receives beforehand.

The pentest type to be performed is determined in dialogue with the client, based on the client situation and the intake process.

  • Black box test - tester has minimal knowledge; this is the best simulation of a real-life hack.
  • Grey box test - tester has partial information (e.g. a login account).
  • White box test - tester has an understanding of all aspects of the system in advance.
  • Crystal box test - tester usually has the source code of the application and access to all kinds of configuration information (results in most accurate findings).
  • Time / budget box test - test where the lead time or budget determines when the test ends.

Methods and Techniques

Our penetration tests are carried out through a combination of manual methods and techniques, as used by real hackers, and automated security tools. This combination of thorough testing methods ensures most vulnerabilities and security risks within your web application are discovered.

The latest developments and issues in the field of cyber security, zero-day vulnerabilities and the newest hacking methods and techniques are included in our security research.

Pentest example


Our certified security specialists (CISSP, CISA, CEH) have proven experience in performing penetration tests. Our security assessment methodology is based on the guidelines of the Information Systems Security Assessment Framework (ISSAF) and recommendations of the Open Web Application Security Project (OWASP).

These principles provide guidance for securely developing, maintaining and delivering web applications and their underlying infrastructure. The principles are the result of best practices from security experts, engaged organizations and the supporting cybersecurity community.