Select regional store:
Web Application Penetration Test

Web Application Penetration Test

SKU: 3185
Format: Year 1: $3,250
Published: 10 May 2016
Format: Year 2: $2,925 per annum/test (save 10%*)
Published: 10 May 2016
Format: Year 3: $2,600 per annum/test (save 20%*)
Published: 10 May 2016

This consultant-driven penetration test is designed to identify potential vulnerabilities in your websites and web applications, and provide recommendations for improving your security posture, facilitating your compliance with the PCI DSS and ISO 27001.

Purchase this service or call our team today on 00 800 48 484 484 to discuss your penetration testing requirements.

Price: $3,250.00


Purchasing this web application test will enable you to identify and fix potential vulnerabilities in your web applications.

This test combines a number of advanced manual tests with automated vulnerability scans to ensure every area of your web applications are tested. Because IT Governance is a CREST member organisation, you can be sure our tests meet the highest industry standards.

Your challenge

The security of your web applications is of paramount importance to business continuity and integrity. While traditional firewalls and other security controls are an important security layer, they can’t defend or alert you to many of the attack vectors specific to web applications. Weaknesses could result in financial losses, disclosure of confidential information, fraud, regulatory sanctions, reputational damage or loss of productivity.

By commissioning a Web Application Penetration Test, you can:

  • Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • Prevent breaches and subsequent regulatory fines
  • Satisfy relevant regulatory requirements or legislation

Our service offering

  • Careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests closely aligned with the OWASP methodology.
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action quickly.
  • A detailed report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.

Are you interested in an advanced level 2 penetration test?

We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting to exploit the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.

Contact us

Delivered as a remote service

IT Governance routinely provides this service remotely to organisations located outside of the United Kingdom. We can also offer an on-site service, but consultant expenses related to travelling , etc. will need to be absorbed as an additional cost.


Why choose us?

  • You receive a tailored assessment that applies to your business and relevant threats, not a generic assessment of theoretical risks.
  • You work with CREST-qualified consultants experienced in application penetration testing.
  • We combine a number of advanced manual tests with automated vulnerability scans to ensure all critical vulnerabilities are identified.
  • You receive a clear report that prioritises the relevant risks to your organisation so you can remediate any vulnerabilities.


  • The standard price is applicable for a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
  • Testing will be conducted with a single level of authentication.
  • The site will be scanned as an unauthenticated user, then rescanned as an authenticated user.
  • Testing will not include file upload testing.
  • This test is available as either an internal or an external test.
  • Consultant expenses related to travelling, etc. are not included in the price.
  • On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  • Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
  • The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).

Speak to an expert

Please contact us for further information or to speak to an expert.

Contact us

Customer Reviews

(0# of Ratings:)
This website uses cookies. View our cookie policy