What Makes Our Web Penetration Tests Different?
Posted in Penetration Testing
Our approach to web application penetration testing stands out due to three key factors: Coverage, Automation and Efficiency, and Commitment to Our Standards. Here is how each of these makes our web application penetration tests different and helps them deliver unparalleled results:
Comprehensive Coverage
- Aim for 100% Coverage – Our testing team’s goal for every project is to achieve 100% coverage. Experienced pen testers know that complete coverage is technically impossible, but it remains the target we work toward in every test.
- Effort in Detail-Oriented Tasks – We put significant effort into the meticulous parts of the test, such as semi-automated crawling, manual form submissions, and creating custom login rules and extensions. Our in-house tools push us closer to complete coverage than any other tool available.
Advanced Automation and Efficiency
- Overcoming Automated Crawler Limitations – We understand that automated crawlers like Burp Suite often miss content and submit invalid forms, leading to poor scanning coverage. For instance, if a form is submitted with incorrect parameters, the server returns an error, and Burp then scans that error response, generating irrelevant findings instead of testing the valid application behaviour.
- Semi-Automated Crawling with Human Oversight – Our custom tool allows for semi-automated crawling, with a human in the loop to submit forms. This ensures accurate responses for every endpoint, which is crucial for single-page applications (SPAs) and sites that use AJAX requests instead of traditional HTML form tags.
- Efficiency in Human Hours – The efficiency of our human hours during tests allows us to achieve higher-quality results in less time than other vendors. This efficiency has led to multi-year contracts with clients who previously rotated vendors annually and who were impressed by the new findings we uncovered in our initial tests.
Unwavering Commitment to Pen Test Standards
- Adhering to Specific Processes – While many claim to follow the OWASP Web Application Security Testing Checklist, our internal process is more detailed and provides specific methods for completing each item.
- Dedication to Thoroughness – We often absorb losses when a penetration test takes longer than expected, ensuring we never deliver a report if we believe we’ve left any stone unturned. This dedication remains firm unless the engagement letter explicitly limits the scope.
- Innovative Solutions for Unique Challenges – Our commitment extends to developing solutions for unsupported technologies. For example, during a pentest for a site using gRPC/protobuf, which lacks support in existing pen testing tools, we spent two weeks developing a custom Burp extension. This tool will be released as an open-source project soon. We also pioneered similar solutions for our first GraphQL test, contributing to the current extensions and tools in the market.
Contact Us
In conclusion, our web penetration tests are distinguished by our pursuit of comprehensive coverage, innovative automation, and steadfast commitment to pen testing standards. This combination ensures that our clients receive the most thorough and efficient security assessments. Please contact us if you would like to learn more about our pen testing process or would like us to bid on a project for you and your team.