Website Security Penetration Test

Factory Fact

41% of all attacks were targeted at SMEs' employees in 2014, compared to 36% in 2013.


What is it?

A Website Security Penetration Test is a method for evaluating the security of your website by simulating an attack from a hacker. Do not confuse penetration testing with vulnerability scanning (apples and oranges). The objective of a penetration test is to identify and attempt to manually exploit vulnerabilities that allow unauthorised access to the data processed, stored or transmitted by the website. Good penetration testing details, step by step, how this can be done and how to prevent it.

There are four steps in conducting a website security penetration test:

  • Reconnaissance: identifying all points of access to the website.
  • Scanning & enumeration: identifying the applications running on the website and any security vulnerabilities associated with those applications.
  • Gaining & expanding access: manually trying to exploit the vulnerabilities identified to gain unauthorised access to the applications or back-end support systems.
  • Escalating privileges: attempting to obtain and escalate user privileges to access, delete or modify sensitive information processed by the website.

The key to penetration testing is to clearly identify the testing objective before starting. If, for instance, you are testing to ensure unauthorised changes cannot be made to your website, this objective should be clearly stated in the scope and addressed in the report of findings. Discuss your testing objective with our Factory Foreman.

Why should I do it?

To understand exactly how a hacker would do it. Conducting security penetration testing provides evidence of the resilience of your website to an actual attack. It will either confirm or deny that you can identify and stop unauthorised access to your website and prevent a compromise.

It is globally recognised as “best practice” and commonly demonstrates due diligence for compliance with most governance, risk and compliance legislation, regulations and standards frameworks.

How often should I do it?

You should do it at least once a year and after any major change to your website. 

What will Risk Factory do?

  • Conduct a detailed application-level security penetration test of your website based on Open Web Application Security Project (OWASP) established best practice.
  • Identify application-level security vulnerabilities associated with your website (consisting of a maximum of 3 dynamic pages and 50 static pages).
  • Manually attempt to exploit those vulnerabilities to gain unauthorised access to applications and back-end support systems.
  • Manually attempt to escalate user access privileges obtained.
  • Document our findings and recommendations to improve the security of your website.

What will I receive?

  • A comprehensive report of the findings and remediation recommendations with step-by-step instructions and screenshots evidencing exactly how unauthorised access to your website was obtained for your understanding. To see a sample report you can contact the Risk Factory Foreman.
  • Telephone support from an information security engineer for two weeks after the testing to answer any questions you may have about the report or remedial recommendations.
  • A free retest two weeks after the original testing to ensure recommended remedial actions were effective in mitigating the vulnerabilities originally identified.
  • A certificate of testing validation for compliance evidence.

Do I need to prepare anything in advance?

We just need the address, that is, the Uniform Resource Locator (URL), of the website you need us to test. If you don’t know the address, don’t panic: our Factory Foreman can help you.

Don’t forget to specify the exact number of tests you’d like to purchase when getting your quote. Our Factory Foreman will call you to schedule each test purchased. You can, for example, purchase multiple tests (for better value) and get them delivered over time when you need them to match your ongoing business requirements.