You can benefit from our experience and low overheads allowing you to obtain expert testing at a cost effective price.

 

Our web application security testing is carried out in adherence with the CHECK, CREST, and OWASP testing methodologies providing you with detailed results.

Our Testers will assess your web applications against the OWASP Top 10 vulnerabilities to ensure you are free from known vulnerabilities.


Web Application Security Testing designed to make things easier for you. 

Our Web Application Security Testing service has been designed to make it quick, simple and easy for you to get a proposal and to arrange a test. Our process works as follows.


Scoping Your URL's

We can discuss your requirements in person, on the phone or send you our scope of work document. Once we have details of your requirement along with the targets in scope we can move to the next stage.

         

Preparing Your Proposal 
Our testing team evaluate your scope of work and determine how long testing will take. We then prepare and send your proposal including reference sites and costs.

         

Delivering Your Test and Report

We schedule and deliver your test providing you with your comprehensive report on completion which details discovered vulnerabilities with their recommended fixes. 


Web Application Security Testing 

Our Web Application Security Testing is a risk based manual assessment which uses a mix of automated testing tools combined with manual testing in strict adherence with the OWASP, CHECK and CREST testing methodologies.

 

Web application security testing includes but is not limited the following analysis and testing.     

  • Injection - SQL, OS, LDAP etc.     

  • Broken Authentication and Session Management  

  • Cross-Site Scripting (XSS)

  • Insecure Direct Object References

  • Security Misconfiguration

  • Web Application Security Testing Methodology

Our web application security assessment testing methodology utilises a mix of all the leading standard methodologies an is constantly evolving. The main headings for our approach are as follows.

  • Sensitive data exposure

  • Missing Function Level Access Control

  • Cross-Site Request Forgery

  • Using Components with Known Vulnerabilities

  • Unvalidated Redirects and Forwards

  • Application Assessment

  • Authentication Assessment

  • Authorisation Analysis

  • Session Management Analysis

  • Encryption Analysis

  • Information Leakage Analysis

  • Input/Output Validation Analysis

  • Application Logic Analysis

  • Information Gathering

  • Attack Environment Preparation

  • Target Enumeration

  • Attack Preparation 

  • Attack Surface Discovery

  • Vulnerability Discovery

  • Vulnerability Analysis

  • Vulnerability Exploitation

  • Impact and Exploitability Analysis

  • Test Data Correlation

  • Mitigation Research

  • Reporting

 

Benefits 

Fast turnaround from enquiry to testing
Simple process to get your proposal
Complimentary commercial and technical scope of requirements
Testing available 247 scheduled to suit your requirements

Cost effective competitive pricing
Complementary post testing support
Flexible delivery through our out of hours testing service

Immediate Notification of Critical Risks

Easy to follow report with clear directions on how to fix discovered vulnerabilities

unique approach and low overheads allow us to provide you with quality testing at a highly cost effective price.

All of our tests come with easy to follow reporting making it easy for you to remediate discovered vulnerabilities.


 

Expert Web Application Security Testing

 

Our web application security testing service has been designed to make the process of scoping your target URL's, getting a quote and undertaking your testing as easy as possible for you

University Business Centre

Piece Mill

Halifax

HX1 1QE

t: 01422 416000  

e: sales@cognisys.co.uk

Co Reg No: 11035382