Web Application Penetration Test

More and more of the software applications that your organisation uses are delivered to end users via a web browser. These 'web applications' may vary from internally developed software to off-the-shelf packages, from accounting systems to web shops, and from having restricted local network access to being widely available over the internet.

Dionach discover serious issues such as SQL injection and cross-site scripting in the majority of web applications that we perform penetration tests on. This is why ongoing and regular web application pen testing is such a vital part of your defences.

Dionach will test your web sites, extranets and intranets for application layer vulnerabilities. Your applications (both those developed by you and those bought in) will be tested for:

  • Information disclosure
  • Privilege escalation
  • SQL injection
  • Cross-site scripting
  • Cross-site request forgery
  • Access control issues
  • Other issues

in an attempt to gain access to sensitive data or to the network.

Dionach uses the OWASP Top Ten as a base for common security issues and develops test cases to build attack vectors specific to the type of web application. We also constantly update our security database with new threats and attempts to gain access to sensitive data.

If the web application requires login credentials then a test can be carried out first without credentials and then with credentials for users with different roles. The test can be done blind, without access to the source code, as an attacker would do (black box penetration test), or with more information about the architecture or source code (white box penetration test).

The output of a Dionach Web Application Penetration Test is a report with a non-technical overview of the impacts and likelihood of the most serious security issues, coupled with technical details of the tests undertaken, more comprehensive descriptions of the individual issues, and recommendations for resolution.

We prefer to deliver this Web Application Security Vulnerability Assessment report face to face to enable discussion and full comprehension of the risks identified. We also make our testers available for further meetings and discussions with those who are tasked with fixing any issues. Finally, we recommend a retest to ensure that fixes have been successfully applied.


Contact us now for a free no-obligation initial consultation