Web Application Vulnerability Assessment

Organisations launching a new website should conduct an Active Security Test, including comprehensive penetration testing. Once a website is in production however, it still makes sense to conduct regular, inexpensive automated testing of your web properties.

We use a commercial web application scanning service to conduct an assisted scan of your web sites. This is a crawler/vulnerability tester that provides a DAST (Dynamic Application Security Testing) service. As well as testing sites for OWASP and other vulnerabilities, it looks for leakage of sensitive data, and has support for web services testing.

The deliverable is a regular vulnerability report with technical explanations, likelihood & consequence ratings, and advice on how to remediate.