Sales: 0845 470 4001 | Support: 0800 130 3365 | Contact Form | NPS

Website Security Testing

Comprehensive and scalable quality assurance
 services for web applications

Due to their complexity; Web applications represent a unique challenge to the security posture of an organisation, Exponential-e offers comprehensive and scalable quality assurance services for web applications with varying scopes and requirements.

Get in touch

Meeting your business objectives

Due to their complexity and universality; Web applications represent a unique challenge to the security posture of an organisation, hence, it is critical to test them.

Get in touch
Protection target: Network

Network

Protection target: Applications

Applications

Protection target: Cloud

Cloud

Get in touch

Service capabilities

Scoping phase with different levels of assessment:

01
Blackbox - No assistance will be given to the consultants. They will have to assess the network as if they were a hacker with physical access to the organisation. Alternatively, they will be given the network port and patch cable, and will have to obtain connectivity and further access.
02
Greybox - This involves the consultants having more assistance to connect their equipment to the network or they can test as an existing user in the business without being given any access credentials.
03
Whitebox - Full access to all resources required is given to the consultants to look for any information of vulnerable hosts and services to assess the risk.

Once Scoping is complete, there are seven phases to be carried out:

01
Information Gathering / Discovery - Specific tools will be used to obtain as much information from the current internal infrastructure.
04
Service Enumeration - All services discovered on the hosts under test will be itemised. Service enumeration allows specific software types and versions to be retrieved from the network as well as policies, shares, resources and valid user accounts.
04
Vulnerability Assessment - This phase of testing will attempt to analyse the information retrieved in previous steps in order to determine whether a specific weakness exists or not.
04
Manual Testing - Once all of the hosts and services have been identified manual testing techniques and follow-up will be used to either extract further sensitive information from the host or (depending on the rules of engagement) exploitation.
05
Post exploitation - Once a machine in scope has been compromised, pivoting and lateral movement techniques will be exercised. This practice is often employed to fully explore and demonstrate the true risk of a vulnerability by emulating the ‘snowball’ effect of stacked vulnerabilities.
06
Information Egress - The routes in which data can be extracted from the systems in scope will be examined and used to identify where extra controls could be implemented or security enhanced.
07
Reporting - A business executive summary, high level descriptions and technical details of each finding, is provided to offer the customer a wealth of information to implement remediation’s to not only fix the current issue, but also the underlying root cause, ensuring issues of the same nature do not re-occur.
Get in touch

Why Exponential-e?

Focussed testing without any distractions.

Detect broken links on your web pages.

Ensure that all possible test cases targeted on the web app work correctly.

Checks how app works in the supported environments.

Ensure high quality website as end-result.

Get in touch

Cyber Security Capabilities

Monitoring, management and testing are vital to maintaining a robust cyber security posture.

Read our comprehensive guide to understand how our Cyber Security eco-system can help protect your organisation from the latest cyber threats.

View now

Click to read Cyber Security Brochure

Read our latest cyber security blogs

What makes a ransomware attack eight times as costly? Compromised backups
What makes a ransomware attack eight times as costly? Compromised backups
Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypt...
Read More
Ransomware: lessons all companies can learn from the British Library attack
Ransomware: lessons all companies can learn from the British Library attack
In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC).  The notor...
Read More
The Key to Establishing Ironclad Remediation and Disaster Recovery Processes
The Key to Establishing Ironclad Remediation and Disaster Recovery Processes
To Test or Not to Test? - When it comes to IT disaster recovery and remediation processes, regular testing is not a 'nice to have' - it's absolutely essential! This isn't hyperbole on my part. Yo...
Read More

Our customers

View more of our customers

Talk to one of our specialists

Contact Sales: 0845 470 4001
Service & Support: 0800 130 3365

  1. You are here:  
  2. Home
About Exponential-e
Services
Solutions
Terms
London Head Office

100 Leman Street, London, E1 8EU

Manchester Office

1 Spinningfields, Quay Street, Manchester, M3 3JE

Sales: 0845 470 4001
Service & Support: 0800 130 3365

 

*Calls to 0845 numbers will cost 7p p/m plus your phone company’s access charge. All inbound and outbound calls may be recorded for training or quality purposes.

London Head Office

100 Leman Street, London, E1 8EU

Manchester Office

1 Spinningfields, Quay Street, Manchester, M3 3JE

*Calls to 0845 numbers will cost 7p p/m plus your phone company’s access charge.
All inbound and outbound calls may be recorded for training or quality purposes.