Skip to content

Web applications

Homepages, web shops or advanced applications – websites are favored by users, but increasingly become targets of malicious actors. Test your web presence for vulnerabilities.

Scope of the pentest

During this assessment, our ethical hackers are evaluating your application regarding vulnerabilities and misconfigurations. The test can be performed on your premises or remotely via the Internet.

Exemplary test objects:


Webpages without or with limited user interaction (e.g., Blogs, WordPress or similar CMS systems)


eCommerce applications with products, payment processing and user login


REST/SOAP APIs for mobile applications, third-party interfaces

In-house developments

using frameworks (e.g., ASP.NET, AngularJS) or based on specific technologies (e.g., NodeJS, Python)

Third-party applications

Applications sold by third-parties that are used in your network, which should be tested for their security (e.g., source code server, webmail)


Self developed or third party web applications in your internal company network.


In 39% of cases attackers can gain unauthorized application access. ¹

16% of all systems can be fully compromised. ¹


68% of web applications are at risk of losing confidential data. ¹

Our approach

Our approach

This web application pentest includes a comprehensive security analysis of your website or web application at network and application level. It is scoped on an IP address defined by you. The pentest can be focused on both, an internally and externally accessible web application.

All network-level tests include an automated vulnerability scan as well as a manual analysis of all network services provided by the application server. Here, the perspective of an external attacker is considered (black-box). Application-level tests, on the other hand, are performed using a semi-manual approach with and without valid user credentials (grey-box). When performing penetration tests, we adhere to proven test specifications by OWASPand OSSTMM.

Each web application is individual and analyzed by us for security vulnerabilities using all the tools and tricks of real attackers. No matter if they are self developed web applications, frameworks, or third-party solutions. During the penetration test we analyze the entire scope, starting from the application server up to the application layer itself.

In summary, we execute a comprehensive security analysis of your externally or internally accessible web application from the perspective of a real life attacker.

Unrecognizable businesswoman using tablet with online shop homepage on screen at office, collage

Especially in our globally interconnected world, security plays an important factor. Should you choose to order our penetration test package, we will analyse your application and the underlying network infrastructure for undiscovered vulnerabilities.

Testing types


Testing as an external attacker without additional information


Testing with valid credentials


Testing with credentials and access to the source code

Standards and Qualifications

During our pentests we adhere to all internationally recognized standards.

Our penetration testers are highly skilled and hold several recognized hacking certifications.