Do you want to check the security of your web application? Or do you want to perform a security test with regard to an upcoming audit? Web Security Scan's certified security experts (CISA, CISSP, OSCP) conduct penetration tests, also known as pentests or ethical hacking tests, on web applications and underlying systems in order to identify security risks and weak spots that hackers can abuse.
Our certified security experts, also known as ethical hackers or white-hat hackers, carefully scrutinize your website for the most recent vulnerabilities and security flaws using manual testing methods. Test results are presented in a comprehensive report with findings and clear recommendations (i.e. solutions for resolving and preventing security issues) and advice regarding the overall security of your web application.
Optionally, a retest (re-audit) of specific components can be requested after previously found vulnerabilities have been fixed. This way you will immediately see whether the measures taken have been sufficient. Find more information on retesting.
Start with Pentesting
Do you know which pentest you need? Request a quote directly. Go to "Get a Quote" and enter the relevant information in the form. Within 24 hours we will contact you to discuss further coordination.
Are you unsure which type of pentest suits you best? See our "Plans & Pricing" for several possibilities.
Would you rather have personal advice from an expert? Or do you wish to analyze your own situation and possibilities? Give us a call or go to "Contact Us" and fill in your contact details. A security adviser will contact you within 24 hours.
Specialized Penetration Tests
Do you want a specific penetration test for one of the following topics? We know what is expected of you and of us in the context of these subjects. Reports are customized to the specific topic.
Different Types of Penetration Tests
Web Security Scan performs various types of penetration tests, depending on the objectives and customer needs. The difference between the various tests lies in the amount of knowledge and background information that the tester receives beforehand.
The pentest type to be performed is determined in dialogue with the client, based on the client situation and the intake process.
- Black box test - tester has minimal knowledge; this is the best simulation of a real-life hack.
- Grey box test - tester has partial information (e.g. a login account).
- White box test - tester has understanding of all aspects of the system in advance.
- Crystal box test - tester usually has the source code of the application and access to all kinds of configuration information (results in the most accurate findings).
- Time box test / budget box test - test where the lead time or budget determines when the test ends.
Test Methods & Techniques
Our penetration tests are carried out through a combination of manual methods and techniques, as used by real hackers, and automated security tools. This combination of thorough testing methods ensures that most vulnerabilities and security risks within your web application are discovered.
The latest developments and issues in the field of cyber security, zero-day vulnerabilities and the newest hacking methods and techniques are included in our security research.
Our certified security specialists (OSCP, OSWE, CISSP, CISA, CEH) have proven experience in performing penetration tests. Our security assessment methodology is based on the guidelines of the Information Systems Security Assessment Framework (ISSAF), the Cybersecurity Framework of the National Institute of Standards and Technology (NIST), the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES) and recommendations from the Open Web Application Security Project (OWASP).
These principles provide guidance for securely developing, maintaining, delivering and testing web applications and their underlying IT infrastructure. The principles are the result of best practices from security experts, engaged organizations and the supporting cybersecurity community.
Web Security Scan regularly evaluates and improves its testing methodology in order to keep up to date with the most recent security developments and the latest testing methods and techniques.