Web Application Testing

Web application attacks range in size and complexity, from the exploitation of vulnerable open source components, to app-specific attacks which take advantage of user controls. Internal web applications are at risk too, from disgruntled or malicious users who may find loopholes and use their position to wreak havoc.

As well as scanning and testing your entire web-based infrastructure for any gaps, we’ll provide you with a clear step-by-step guide to help you boost your defences.

Dedicated Lead Consultant

Works in partnership with you every step of the way.

Experienced Team

Security specialists with a background in product development.

Advanced Techniques

Manual automated testing methods leave no weakness uncovered.

Clear Guidance

Detailed reporting and ongoing support help you achieve complete security.

An essential part of your security strategy

If you’re a web-based business, web application testing is essential. As the capabilities of applications continue to increase, so does the scale of attacks against them.

With web application security comprising of websites and web services such as APIs, the sheer size of the attack surface can seem overwhelming – but it doesn’t have to be.

Speak with our expert team to find out how we can help you keep your business-critical web applications secure.

How we work

Pre-test

We determine your specific requirements before building a tailored proposal.

Test

Our thorough testing simulates the attack methodologies of today’s most advanced hackers.

Reporting

Our comprehensive reports impart clear, practical advice on how to address any weaknesses.

Review

We offer ongoing support to guide you through the process of securing your applications.

DON’T BECOME ANOTHER VICTIM

The Equifax data breach in 2017 should have acted as a stark reminder that cyber-attacks can cause significant financial damage to an organisation.

As well as the direct costs associated with responding to a breach and securing your systems, indirect costs such as regulatory fines, legal action and reputational damage can all damage your bottom line for years to come.

Most breaches are easily avoidable, and in the case of Equifax a web application penetration test could have helped to identify the issues that lead to it being exploited.

FAQs

What is tested during a web application test?

Our standard assessment leverages advanced methodology that we developed in-house and uses a combination of automated and manual testing capabilities. Although the specific scope of each test will be determined by the web applications you use and your unique requirements, every test we carry out is in-line with the OWASP Top 10 framework as a minimum.

We’ll scan for a wide range of vulnerabilities in your web applications, including:

Cross-site scripting (XSS) flaws, which can allow attackers to extract data or perform DDoS attacks.
SSL/TLS weaknesses, which can compromise sensitive personal information.
Insecure deserialization, often leading to remote code execution attacks – one of the most serious attacks possible.

Will my day to day activity be disrupted?

Since our testing is carried out on a replica of your live environment, our assessments won’t have any impact on your day-to-day operations.

Should I have any other tests alongside web application testing?

In order to ensure all of your business-critical applications are working securely, and to avoid being exposed to potentially detrimental fines it’s advisable to have all web applications, mobile applications and software products thoroughly tested for any vulnerabilities.

Other services

Mobile Application Testing

86% of mobile applications have at least one vulnerability violating the OWASP Top 10. If these issues are exploited by cyber criminals or malicious users, it can have serious implications for an organisation, in terms of both cost and reputational damage.

Learn more >

Product Assessment

If you develop a software product or service, are you confident that it’s as secure as it can be? Your clients rely on you to keep their data secure, so if you’ve not had your product or service independently assessed, your reputation is at risk if a vulnerability is discovered.

Learn more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.