Web Application Penetration Testing
"86% of all websites had at least one serious* vulnerability." - WhitehatSec

Web application penetration testing is a targeted way of evaluating the security of a web application by simulating various exploitation attempts from an external source. Our information security consultants, who are well versed in manual web application penetration testing and assessment methodology, will help you discover these web vulnerabilities by harvesting information on your web application and infrastructure environment. Once that information is gathered, the next step is to perform active analysis and testing against the web application using various tools to identify any weaknesses, technical flaws or vulnerabilities residing in your web applications that might compromise the security and availability of information.

Our assessments are based on industry security standards and best practices, including the OWASP Web Application Security Standards. Sample assessment techniques used in our manual web application penetration testing include:

  1. Injection Flaws like SQL Injection and Command Injection
  2. Cross Site Scripting
  3. Parameter Manipulation
  4. Buffer Overflows
  5. Broken Access Control
  6. Broken Authentication and Session Management
  7. Error Handling
  8. Unvalidated Parameters
  9. Insecure Configuration Management

The web application penetration test aims to provide a safe approach to evaluating the security of your web applications without disruption to your business operation. Any security issues that are found are reported to the system owners, sorted by risk level, together with an impact analysis and a proposal for a technical solution or mitigation. We further recommend that a web application penetration test be performed at least yearly, or whenever major changes are made to the network or web application, to ensure that the organisation's IT systems are constantly secure and well protected.

Key Benefits:

  • Standards Based – Our penetration tests are based on Industry Security Standards and Best Practices such as OWASP
  • Experienced information security consultants – We specialise in manual web application penetration testing.
  • State of the art Tools – We leverage state of the art commercial, open source & proprietary tools.
  • Efficient & Cost Effective – We provide a one-stop, comprehensive web application penetration testing service and leverage a team of experienced information security consultants to meet tight schedules and budgets.
  • Safe approach – We adopt a safe approach to evaluating the security of your web applications and understanding the hacker mentality, without disruption to your business operation.


*Serious vulnerabilities are defined as those in which an attacker could take control over all, or some part, of the website, compromise user accounts on the system, access sensitive data, violate compliance requirements, and possibly make headline news. In short, serious vulnerabilities are those that should really be fixed.