The web application penetration testing service evaluates the security posture of an application to identify and mitigate security risks. This includes carrying out an assessment of the risks associated with the application’s design, configuration, and implementation. The outcome is a comprehensive report detailing our recommendations and providing advice on how to close identified security gaps.

Web Services/API provide programmatic interfaces that can be used by other applications, either internal or external (when exposed to the Internet). This presents a large attack surface from threats that are increasingly targeting these types of interfaces and therefore should be included in the scope of general vulnerability testing.

The external network penetration testing service determines the effectiveness of a customer’s defences against attacks on its public facing assets such as its connection to the Internet, as well as via web service/API interfaces. These attacks attempt to circumvent controls that are in place to minimise the risk of such attacks being successful.

The internal network penetration testing service involves scanning for vulnerabilities that provide vectors for attackers to exploit the customer’s defences. These vectors could include gaining access to privileged accounts, the corporate network, the HR or payroll system, the finance systems, or O365 accounts.

The security protections for on-premises infrastructure and workloads don’t necessarily translate well to equivalent cloud environments and therefore migration of workloads can expose a customer’s infrastructure to unforeseen threats. A cloud technical assessment will identify deficiencies in the cloud security architecture and applications and provide recommendations on how to improve cloud security.