Web app testing is the services list, which may include various software testing types.

he main testing goal is to reveal all errors in the software and develop recommendations for their prevention in the future.

There are three basic operation methods:

Black box
Grey box
White box

Together with the penetration test client, we approve the work date and time, appoint responsible persons and determine the performer awareness level – Black Box, White Box or Gray Box.

Compliance Control has got large background in web application security testing. Highly qualified company’s specialists use both the best world practices, methods and tools. Works can be carried out both with a direct visit of a specialist to your office and while using remote access technologies.

Penetration testing techniques


  • The Open Web Application Security Project («OWASP») Testing Guide v4;
  • Open Source Security Testing Methodology Manual («OSSTMM») v3;
  • Technical Guide to Information Security Testing and Assessment (SP 800-115);
  • ISACA IS auditing procedure «Security assessment-penetration testing and vulnerability analysis»;
  • Penetration Testing Execution Standard («PTES»);
  • A Penetration Testing Model («BSI»);
  • Payment Card Industry («PCI») Data Security Standard («DSS») Guidance: PCI Information
  • Supplement: Penetration Testing Guidance v3.2.1;
  • Federal Risk and Authorization Management Program («FedRAMP»): FedRAMP Penetration Test Guidance 1.0.1.
Contact us
To get consulted on web app security testing and we will contact you within 30 minutes.
General project plan
Stage 1
We identify vulnerabilities Commonly known vulnerabilities, which tend to cause the service disruption.
Stage 2
Identified vulnerabilities verification We check and confirm the potential vulnerabilities presence.
Stage 3
Information analysis.
Project results

A detailed report, containing the revealed vulnerabilities, recommendations for eliminating them, examples of attacks and descriptions of possible penetration scenarios, will be provided on the penetration testing results basis.