What we offer

Clear focus, deep expertise, and a partnership built on handshake quality.

Pentest of a web application

Does your web application process sensitive data or is it business-critical? We test authentication, authorization, and classic web vulnerabilities such as flawed input validation. Whether it is custom-built, a standard CMS, or a REST API: we put your web application to the test!

01

Scenario

Public accessibility, anonymity, and the low barrier to entry make web applications especially attractive targets. In a pentest we mirror an attacker who has access to a user account and can use the application with different permission levels.

02

Preparation

We need test accounts with different roles and, depending on complexity, an introduction to how the application works and how it is built. For reliable tests, exempt us from protection systems such as web application firewalls. On request we also review source code.

03

Checklist

First we map the attack surface and visible features of the application. Then we test login and sign-in flows, your permission model, and whether user roles can only see and do what they are supposed to. We test inputs, file uploads, interfaces, and the business logic of the application, as well as session handling. We also review web server configuration and connections to other systems.

04

Scope

Smaller web applications typically need 3-5 person-days. More complex ones often need 8-10. A person-day costs €1,600.

6 steps to your pentest

How we work

1

We gather your requirements

In a scoping call we define the scope and framework of the pentest together. We agree on what is in scope and what is explicitly excluded.

2

We prepare your offer

Based on your requirements we prepare a tailored offer. You receive it promptly, with a clear breakdown.

3

We clarify all prerequisites

After you engage us, we prepare the pentest in a kickoff. We align on access, test accounts, time windows, and communication channels.

4

We deliver the best pentest for you

We test within the agreed scope and timeframe. During the engagement we stay in contact and report critical findings through the agreed channels. When testing is complete, you receive the report as a secured PDF.

5

We discuss the results

Pentest reports are often extensive. After delivery we remain your point of contact and are happy to walk through the results and priorities with you.

6

We retest for free

So you can act on the report, we retest remediated vulnerabilities once at no charge if fixes are completed within eight weeks of report delivery.

Ready to work with us?

We go on the offensive for you and uncover vulnerabilities in your applications and infrastructure so attacks never get a chance.