Application Testing


We can help make sure that your organisation’s web applications are secure, regardless of where you are in the development process, no matter how much code or how many web applications you have, or how often they change.


Managed Service

Automated and expert-team-based web application scanning services enable you to assess, track and remediate your web application vulnerabilities on a continual basis. Whilst penetration testing is necessary to give you an in-depth understanding of your weaknesses, our web application scanning managed service notifies you of new vulnerabilities on a much more frequent basis.

The scanning frequency will depend on your requirements, and will ensure that you are covered throughout the year between your regular annual penetration tests.



Security Penetration Testing - Consultancy

We utilise a combination of automated and manual methods using the latest tools and techniques to ensure comprehensive testing coverage. Our aim is to identify all potential vulnerabilities during an assessment.


Application Vulnerability Scanning & Validation Of Scan Results

Includes the top ten threats identified by the Open Web Application Security Project (OWASP):

  • Cross site scripting (XSS)
  • Injection flaws
  • Malicious file execution
  • Insecure direct object reference
  • Cross site request forgery (CSRF)
  • Information leakage and improper error handling
  • Broken authentication and session management
  • Insecure cryptographic storage
  • Insecure communications
  • Failure to restrict URL access
  • Stress & DoS Testing

Tools-based testing of all vulnerability classes listed:

  • Injection Testing
  • Session Management Testing
  • Account Policy Review
  • Information Disclosure Testing
  • Data Protection Testing
  • Authentication Testing
  • Authorisation Testing
  • Logic Flaws
  • Testing For Cryptographic Weaknesses
  • Bounds Checking Testing
  • Application Resource Handling Checking
  • Exhaustive Testing
  • Testing Of All Input Areas
  • Database Injection Flaws
  • Database Errors
  • Windows / Unix Command Injection
  • Windows / Unix Relative Path
  • Integer Overflow
  • Non-SSL Password
  • SSL Checks
  • Password Autocomplete
  • Credit Card Disclosure
  • Basic Authentication over HTTP
  • Private IP Disclosure
  • Application Exception
  • Cross-Site Scripting (XSS)
  • DOM-based XSS
  • Directory Browsing
  • Open Redirect
  • Remote File Inclusion
  • Cross-Site Request Forgery (CSRF)
  • Insecure CORS Headers
  • Cookie Vulnerabilities
  • Session ID in URL
  • Cross-Frame Scripting
  • Manual Verification of Scan Completeness
  • Manual Validation of Scan Results


What can be produced:
  • Findings Report
  • Video Evidence
  • Post-Test Debrief





Contact us today to discuss your requirements in more detail.

+44(0)7714 209927


info@securenetconsulting.co.uk