Web Application Penetration Testing
Requirement 11.3 of PCI Compliance requires Penetration testing to include Application layer testing at least once a year and after any significant infrastructure or application upgrade or modification.
Web Application Penetration testing determines whether and how a malicious user can gain unauthorized access and exploit the vulnerabilities of a web application. This is a manual process that may include the use of vulnerability scanning or other automated tools, resulting in a comprehensive report with a description of each vulnerability verified and/or potential issue discovered. More specific risks that vulnerability may pose, including specific methods how and to what extent it may be exploited. Examples of vulnerabilities include but are not limited to SQL injection, privilege escalation, cross-site scripting, or deprecated protocols.
Pricing
Tier 1
- Upto 25 Pages
- One Domain
- 1 Maintenance test
- Remediation Guidance
- Voice & Email Support
- Dedicated Account Manager
Tier 2
- Upto 50 Pages
- Multi Sub domain
- 2 Maintenance tests
- Remediation Guidance
- Voice & Email Support
- Dedicated Account Manager
Tier 3
- Unlimited
- Multi Sub domain
- 2 Maintenance tests
- Remediation Guidance
- Voice & Email Support
- Dedicated Account Manager
Features
Automated Application Vulnerability Scanning
Manual Penetration Testing
Zero false positives
OWASP Top 10 Coverage
Simple and Complex Logic Flaw Coverage
Multi-level authentication testing
Production Safe
Comprehensive Report with Remediation plan
Video and Image Based Evidences