Pentest

Do you want to check the security of your web application? Or do you want to perform a security test ahead of an upcoming audit? Web Security Scan's certified security experts (CISA, CISSP, OSCP) conduct penetration tests, also known as pentests or ethical hacking tests, on web applications and underlying systems in order to identify security risks and weak spots that hackers can abuse.

Our certified security experts, also known as ethical hackers or white-hat hackers, carefully scrutinize your website through manual testing methods for the most recent vulnerabilities and security flaws. Test results are presented in a comprehensive report with findings and clear recommendations (i.e. solutions for resolving and preventing security issues) and advice regarding the overall security of your web application.

Optionally, a retest (re-audit) can be requested on specific components after previously found vulnerabilities have been fixed. This way you will immediately see whether the measures taken have been sufficient. Find more information on retesting.

Start with Pentesting

Do you know which pentest you need? Request a quote directly. Go to "Get a Quote" and enter the relevant information on the form. Within 24 hours we will contact you to discuss further coordination.

Are you unsure which type of pentest suits you best? See our "Plans & Pricing" for several possibilities.

Would you prefer personal advice from an expert? Or do you wish to analyze your own situation and possibilities? Give us a call or go to "Contact Us" and fill in your contact details. A security adviser will contact you within 24 hours.

Specialized Penetration Tests

Do you want a specific penetration test in regard to one of the following topics? We know what is expected of you and of us in the context of these subjects. Reports are customized to meet the specific topic.

Open Scope Network Pentest

Conduct an open scope penetration test on the entire external network (full risk chain) of the organization.

24 - 60 hours (dependent on the organisation)  

ISO27001 Compliance Pentest

Perform a penetration test to comply with ISO27001 requirements, as part of your Information Security Management System.

24 - 48 hours (average indication)  

Different Types of Penetration Tests

Web Security Scan performs various types of penetration tests, dependent on the objectives and customer needs. The difference between the various tests is in the amount of knowledge and background information that the tester receives beforehand.

The pentest type to be performed is determined in dialogue with the client, based on the client's situation and the intake process.

  • Black box test - tester has minimal knowledge; this is the best simulation of a real-life hack.
  • Grey box test - tester has partial information (e.g. login account).
  • White box test - tester has understanding of all aspects of the system in advance.
  • Crystal box test - tester usually has the source code of the application and access to all kinds of configuration information (results in most accurate findings).
  • Time box test / budget box test - test where the lead time or budget determines when the test ends.

Test Methods & Techniques

Our penetration tests are carried out through a combination of manual methods and techniques, used by real hackers, and automated security tools. This combination of thorough testing methods ensures most vulnerabilities and security risks within your web application are discovered.

The latest developments and issues in the field of cyber security, zero-day vulnerabilities, and the newest hacking methods and techniques are included in our security research.

Pentest example

Methodology

Our certified security specialists (OSCP, OSWE, CISSP, CISA, CEH) have proven experience in performing penetration tests. Our security assessment methodology is based on the guidelines of the Information Systems Security Assessment Framework (ISSAF), Cybersecurity Framework of the National Institute of Standards and Technology (NIST), Open Source Security Testing Methodology Manual (OSSTMM), Penetration Testing Execution Standard (PTES) and recommendations from the Open Web Application Security Project (OWASP).

These principles provide guidance for securely developing, maintaining, delivering and testing web applications and their underlying IT infrastructure. The principles are the result of best practices by security experts, engaged organizations and the supporting cybersecurity community.

Web Security Scan regularly evaluates and improves its testing methodology to keep up-to-date with the most recent security developments and latest testing methods and techniques.