Cyber security for any size of business
CREST member company
Team of friendly certified experts

Web Application Penetration Test


Your public-facing connected systems are open to the world. On today's internet, over half of all the network traffic is not human. More than 11% of network traffic has a malicious nature. Coupled with 37.2% of all website traffic being bot related, it means you are almost certainly in a state of continual attack.

Why is it important

Our Web Application Penetration Test identifies vulnerabilities and security weaknesses that attackers use to compromise your web application's security. Maintaining the security of modern and historic web applications is crucial in today's connected world. Traditional firewalls and other security controls bolster your security. However, web applications with poor security were the single most significant cause of data breaches in 2020.

Our Penetration Testing service for your Web Application will help you to:
  • Demonstrate how your web application aligns with the OWASP security controls.
  • Understand where vulnerabilities and widespread patterns exist.
  • Improve access control and find functions that are leaking sensitive data.
  • Improve access, authentication and session management controls.
  • Identify where input validation is failing.

What the test entails

We will perform a penetration test of your web application to identify weaknesses, vulnerabilities and information that would be useful to a hacker. For this test, we will:

  • Help scope your web application to establish the exact extent of the testing exercise.
  • Run a series of automated vulnerability scans against the web application.
  • Perform a range of manual tests closely aligned with the OWASP methodology.
  • Immediately notify you of any critical vulnerabilities to help you take action quickly.
  • Provide you with a detailed report that identifies and explains the vulnerabilities (ranked in order of significance). 
  • Include within your test report a list of recommended countermeasures to address any identified vulnerabilities.  


  • Our Web-App testing package applies to a single web application and database. The application will consist of no more than 100 static or dynamic pages. 
  • It will use a single level of authentication.
  • The penetration test will be performed first as an unauthenticated user, then as an authenticated user.
  • Testing does not include file upload testing.
  • The price applies to testing during regular office hours. There are additional charges for tests conducted outside of regular office hours.

COVID-19: remote delivery options

We want to reassure all of our clients that we remain fully operational during the current COVID-19 situation. Hedgehog fully embraces flexible and remote working. We adjust our delivery methods to provide consultancy services, penetration tests, and training remotely where necessary. 

Why choose Hedgehog

We only use experienced penetration testers to carry out clients' penetration tests. Our penetration testers have the necessary technical skillset, qualifications and industry experience. They have the strong technical knowledge and proven track record needed to enable a successful penetration test. Our testers can carry out safe exploitation of applications and systems, advising on the appropriate mitigation measures required to ensure that your systems are secure.

Our CREST-certified penetration testing team will provide you with clarity, technical expertise and peace of mind. Our experienced testers will have reviewed your scoped environment, tested it to the fullest during the time permitted and will provide you with a detailed report.
We perform a high number of Azure-based penetration tests. All of our penetration tests comply with the Microsoft Rules of Engagement. We appropriately limit all penetration tests, ensuring only your assets are touched, avoiding unintended consequences to your customers or your infrastructure.

Contact Us

Ask us a question, any question at all. As long as it has to do with Information Security / Cyber Security, we will get back to you with an answer.