Website Penetration Testing

Once the scope and any testing limitations have been agreed upon, our CREST accredited penetration testers will gather information about the target application, for example, software version information, web technologies or frameworks in use and input fields. Through this they will be identify areas of the application to target with aim of exploitation.

Our highly skilled CREST registered penetration testers perform website penetration testing to simulate attacks using the same tools and techniques used by malicious adversaries.

Authentication provides protection to application functionality and sensitive information. Authenticated web penetration testing provides a greater level of assurance as we can fully test your application’s functionality. Through this we are also able to identify additional issues such as broken access controls and authentication vulnerabilities.

Typically, an API is used to support a web application and may be hosted separately to the main web application itself. They can provide multiple endpoints that handle user requests, such as changing passwords or inserting data records. They are a critical component of web applications and their security controls should be treated as such.

This depends on the agreed upon scope of the penetration test. For example, some factors that may affect how long a penetration test takes include the size of the application under review, such as number of forms or web pages and whether any of the pen testing is performed authenticated.

This depends on the size of scope and how many days it will take to complete the penetration testing. Contact us for a quote where we can assist you with any requirements or questions you may have about your web application.

Our skilled pentesters follow strict guidelines in accordance with legal and technical standards to ensure minimal disruption to your business whilst a website penetration test is performed. If you have any concerns, please contact us as we’ll be happy to discuss them with you.

Working with a CREST-approved penetration testing provider ensures you’re in safe and experienced hands. You should have the confidence that your penetration test is thorough and comprehensive. Your provider must carry out a test that’s technically comprehensive and will adhere to information security and quality assurance requirements set by CREST.

CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. Companies can become a CREST member company and apply for CREST accredited services. The application requires a rigorous assessment of companies’ processes, data security and service methodologies to ensure they’re to a best practice standard.

Yes! Sentrium have achieved the standards set by CREST, and are a CREST-Approved penetration testing service provider. We’re proud to offer services that achieve CREST’s very high standard of quality and professionalism which is recognised internationally.

Once the website penetration test is complete, the pen tester(s) assigned to the project will compile a detailed report that contains the vulnerabilities that were identified, what risk they pose and recommendations on how to remediate them. Once the report has been delivered, the team will be available for a conference call to discuss the report in detail and answer any questions you may have.