Penetration Testing – Web Application
Price: USD 2,500 (per website URL per test)
- Conducting a vulnerability assessment and penetration test of the stated website/application.
- Automatically crawling and scanning all web pages and scripts on the stated website.
- Assigning each vulnerability a severity level, reported from highest to lowest severity.
- Performing scanning based on industry security standards and classifications, which include:
- OWASP Top 10 (Open Web Application Security Project – Top 10)
- PCI DSS (Payment Card Industry – Data Security Standard)
- CVSS (Common Vulnerability Scoring System)
- CWE (Common Weakness Enumeration)
- CAPEC (Common Attack Pattern Enumeration and Classification)
- Scanning the websites and the web applications by simulating how a real attacker would penetrate the website. This includes crawling and attacking the target web applications, web services, and web APIs available through HTTP/HTTPS.
- Emulating an external attacker in attacking the stated website, performing penetration tests to discover attack surfaces and perform security testing.
- Checking the target website for thousands of vulnerability variants such as SQL injection and cross-site scripting (XSS).
- Identifying vulnerabilities and issues, and providing recommendations to fix them. We also provide a proof of exploit for each identified vulnerability and issue.
- Black-box penetration testing: the attack is emulated without prior knowledge of the environment and without access to the user-authenticated area of the web application. Functionality that is only reachable after login is therefore not covered by this test.
Methodology:
1. Information Gathering
First, we configure the penetration testing tool to crawl the target web server without attacking it and gather information about the application. We analyse the information generated and use it to fine-tune the scanning policy (according to the web application's settings and platform) so that the vulnerability scanning and penetration testing that follow are tailored to the target.
2. Vulnerability Identification, Exploitation, and Post-Exploitation
In the next stage, we switch the same tool to "attacking" mode. In addition to crawling, it simulates a real attacker: it identifies vulnerabilities and attempts to exploit them without causing actual damage to the system, using "proof-based scanning technology" to validate each finding and eliminate false positives.
We may re-crawl the site to confirm that all discovered items are valid and that any newly discovered paths are also tested. Findings are then validated further by generating exploits at runtime, as an attacker would against the web application: the tool works out how to bypass the application's defences and exploit the vulnerability, then exploits it safely without damaging the system.
In the post-exploitation stage, the tool's proof-based scanning technology validates each finding by exploiting it and records a proof of exploit or proof of concept in the finding details.
Below is the list of security standards we are using:
- OWASP Top 10 2013
- OWASP Top 10 2017
- CWE
- WASC
- OWASP ASVS 4.0
- NIST SP 800-53
- DISA STIG
- ISO 27001
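The two-phase workflow of steps 1 and 2 (crawl without attacking, then attack and keep only findings backed by a proof of exploit) reduced to a runnable sketch. This is an added example, not the provider's scanning tool: the target site, its routes and the unencoded reflection in /search are constructed for the demonstration and do not describe any real site. The "proof" here is a canary string coming back in the response unencoded, which is the response-level evidence a reflected-input finding needs.

```python
"""Two-phase scan: crawl-only mapping of injection points, then an attacking
pass that reports a parameter only with proof (canary reflected unencoded).
Added example, not the provider's tool; the target is a constructed in-memory
"web app" (path -> handler) so the script runs offline."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urljoin, urlparse

# --- constructed target (hypothetical routes, not a real site) ---
def _index(params):
    return ('<html><a href="/search?q=test">search</a>'
            '<form action="/login" method="post">'
            '<input name="user"><input name="pass"></form>'
            '<a href="/about">about</a></html>')

def _search(params):          # reflects q without encoding: reflected XSS
    return f"<html>Results for {params.get('q', [''])[0]}</html>"

def _login(params):           # encodes output: reflects, but not vulnerable
    return f"<html>Hello {escape(params.get('user', [''])[0])}</html>"

def _about(params):           # only path that links to /hidden
    return '<html><a href="/hidden?id=1">hidden</a></html>'

def _hidden(params):          # ignores its parameter entirely
    return "<html>hidden page</html>"

ROUTES = {"/": _index, "/search": _search, "/login": _login,
          "/about": _about, "/hidden": _hidden}

def fetch(url, data=None):
    """Simulated HTTP request: GET params from the query string, POST from data."""
    parsed = urlparse(url)
    handler = ROUTES.get(parsed.path or "/")
    if handler is None:
        return None                      # 404
    params = parse_qs(parsed.query)
    if data:
        params.update(parse_qs(data))
    return handler(params)

class _LinkFormParser(HTMLParser):
    """Collects hrefs and form definitions from a page (phase 1 only reads)."""
    def __init__(self):
        super().__init__()
        self.links, self.forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(), "inputs": []}
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None

def crawl(base):
    """Phase 1 (crawl only): no payloads are sent. Returns the visited paths and
    the injection points, keyed (path, method) -> set of parameter names."""
    seen, queue, points = set(), [base], {}
    while queue:
        url = queue.pop(0)
        path = urlparse(url).path or "/"
        if path in seen:
            continue
        seen.add(path)
        body = fetch(url)
        if body is None:
            continue
        p = _LinkFormParser()
        p.feed(body)
        for href in p.links:             # query-string parameters are GET points
            full = urljoin(url, href)
            queue.append(full)
            for name in parse_qs(urlparse(full).query):
                points.setdefault((urlparse(full).path, "get"), set()).add(name)
        for f in p.forms:                # form inputs are points for the form's method
            action = urljoin(url, f["action"])
            queue.append(action)
            points.setdefault((urlparse(action).path, f["method"]), set()).update(f["inputs"])
    return sorted(seen), points

CANARY = 'zq7<"\'>pt'   # unique marker; back unencoded means output is not escaped

def attack(points):
    """Phase 2 (attacking): inject the canary into every discovered parameter.
    A finding is recorded only with proof: the unencoded canary in the response."""
    findings = []
    for (path, method), names in points.items():
        for name in sorted(names):
            encoded = urlencode({name: CANARY})
            body = (fetch(f"http://target{path}?{encoded}") if method == "get"
                    else fetch(f"http://target{path}", data=encoded))
            if body and CANARY in body:
                i = body.index(CANARY)
                findings.append({"path": path, "method": method, "param": name,
                                 "proof": body[max(0, i - 12): i + len(CANARY)]})
    return findings

def run_scan(base="http://target/"):
    paths, points = crawl(base)
    return paths, points, attack(points)

if __name__ == "__main__":
    paths, points, findings = run_scan()
    print("crawled:", paths)
    print("injection points:", {k: sorted(v) for k, v in points.items()})
    for f in findings:
        print("CONFIRMED unencoded reflection:", f)
```

Only /search produces a finding: /login reflects input as well but HTML-encodes it, so the canary never comes back intact and nothing is reported, which is the false-positive elimination the methodology describes. /hidden is reached only because the crawl followed the link from /about, which is why the crawl-only pass (and any re-crawl) runs before attacking.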
3. Reporting
We will generate a comprehensive penetration testing report based on the outcome of our testing and analysis. This covers the security status of the target web application, which vulnerabilities were found, and how to fix them.
Provisioning time is 10-15 working days after confirmation of order and payment; the scan and penetration testing themselves may take several days. The comprehensive penetration testing report with recommended actions is delivered in PDF format within that period.
Penetration Testing will be conducted during Singapore office hours (Monday to Friday, 9am – 6pm).
Notes:
- Does not include remediation of the detected vulnerabilities. Customers can purchase our system administration services to engage our assistance in resolving all the reported vulnerabilities. Note: only applicable for web applications hosted in SimplerCloud’s infrastructure.