Web Application Security Testing

Web application testing is a set of services that may include various types of software testing.

The main goal of testing is to reveal all errors in the software and develop recommendations for preventing them in the future.

There are three basic methods of operation:

  • Black Box
  • Grey Box
  • White Box

Together with the penetration test client, we agree on the date and time of the work, appoint responsible persons and determine the tester's level of awareness: Black Box, White Box or Grey Box.

  • Compliance Control has extensive experience in web application security testing. The company's highly qualified specialists use the best international practices, methods and tools. Work can be carried out either on site at your office or using remote access technologies.

Penetration testing techniques

  • The Open Web Application Security Project («OWASP») Testing Guide v4;
  • Open Source Security Testing Methodology Manual («OSSTMM») v3;
  • Technical Guide to Information Security Testing and Assessment (SP 800-115);
  • ISACA IS auditing procedure «Security assessment-penetration testing and vulnerability analysis»;
  • Penetration Testing Execution Standard («PTES»);
  • A Penetration Testing Model («BSI»);
  • Payment Card Industry («PCI») Data Security Standard («DSS») Guidance: PCI Information Supplement: Penetration Testing Guidance v3.2.1;
  • Federal Risk and Authorization Management Program («FedRAMP»): FedRAMP Penetration Test Guidance 1.0.1.

Contact us for a consultation on web application security testing, and we will get back to you within 30 minutes.

General project plan

Stage 1

We identify vulnerabilities

Commonly known vulnerabilities, which tend to cause service disruption.

Stage 2

Verification of identified vulnerabilities

We check and confirm the presence of potential vulnerabilities.

Stage 3

Information analysis.

Project results

Based on the penetration testing results, a detailed report is provided, containing the revealed vulnerabilities, recommendations for eliminating them, examples of attacks and descriptions of possible penetration scenarios.
