We test your web applications

Web application penetration test

During a penetration test of your web applications and websites, our hackers manually check whether they contain vulnerabilities.

In doing so, we are primarily guided by the OWASP Top 10.

Our web app pentests do not follow a fixed, one-size-fits-all scheme ("Schema F"). We don't just look at the classic weaknesses, but also take a fresh look at each application so that we can uncover application-specific weaknesses.

What vulnerabilities can a web application contain?

Web applications can contain a wide variety of vulnerabilities. Vulnerabilities that we repeatedly find during our penetration tests are listed below.

Types of web app penetration tests

Web app pen tests can be carried out in different ways. As a rule, the approach differs according to the information provided in advance, which is the starting point for our IT security analysts.

Black Box - Little to no information

Penetration test of the application without a previously registered user. No additional information is available.

Grey Box - Additional initial information

Access to several user accounts with different levels of authorisation. This allows us to check more quickly whether endpoints that should be reserved for higher-privileged users can be accessed by low-privileged users.

White Box - Comprehensive information and access to the application, its source code, different users and logging information

The most effective approach: We have access to different users with different rights, as well as to parts of the source code and the logs. This allows us to gain a comprehensive picture of the application's security.