Combined External Infrastructure and Web Application Penetration Test

SKU: 4452

Format: Penetration test

Identify potential vulnerabilities in your external infrastructure and web applications.
Gain real-world insight into vulnerabilities, including (but not limited to) insecure and misconfigured services, unpatched services and software, poor input validation, insecure authentication, and misconfigured access controls.
Demonstrate a strong security posture to clients by providing third-party assurance that your external infrastructure and web applications are secure.
Work with a globally recognized penetration testing company, offering one-to-one expert advice at any stage of the engagement.

CALL TO ORDER

Overview

Our Combined External Infrastructure and Web Application Penetration Test follows an established bespoke methodology, emulating attackers’ techniques and using many of the same readily available tools.

This service assesses the key components of the web applications and external network infrastructure, covering:

How secure your public-facing infrastructure is and whether it has been suitably hardened
If your patch policy is sufficient
How your authentication mechanism works and the security of your password requirements
Weaknesses in your encryption configuration
User access privileges, authorization, and server configurations

Download the service description for the full list

Receive a comprehensive report

At the end of the test, you will receive a comprehensive report broken down into:

Executive summary

A high-level, non-technical summary of vulnerabilities identified and your business’s risks.

Testing details

A detailed description of the methodologies followed and the scope of testing.

Vulnerability findings

Overview, consultant’s commentary, and detailed descriptions of each technical vulnerability identified, with remediation advice.

Download the full service description

Combined External Infrastructure and Web Application Penetration Test pricing

Prices start from:

One-year service: $3,800
Two-year service: $7,300 (includes 5% discount)
Three-year service: $10,700 (includes 10% discount)

Methodology

The test will be performed using IT Governance’s proprietary security testing methodology, which is closely aligned with the SANS, OSSTMM (Open Source Security Testing Methodology Manual), and OWASP (Open Web Application Security Project) methodologies.

Who is the service for?

This service is suitable for most organizations that have public-facing web applications and underlying infrastructure such as company websites, customer portals, or e-commerce websites.

Benefits

Benefits of this service

Get real-world insight into your vulnerabilities

Identify and understand the technology-related vulnerabilities affecting your network, and the business impacts these present.

Safeguard your organization

Use guidance provided in the detailed report to implement secure measures (such as strong authentication and session management controls, and keeping untrusted data separate from commands and queries), thereby reducing the likelihood of a security breach while protecting your brand.

Demonstrate strength to key stakeholders

Demonstrate a strong security posture to clients by providing third-party assurance that your external infrastructure and web applications are secure.

Supports best practice

Supports compliance with the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001, NIST guidance, the GDPR (General Data Protection Regulation), as well as other laws, regulations, and contractual obligations.

Safeguard your brand

Protect brand loyalty and corporate image by reducing the likelihood of a security breach.

Technical and non-technical descriptions

Our expert consultant will provide you with updates throughout your project, from both technical and non-technical perspectives.

Finding vulnerabilities since 2010

Our established penetration testing team has extensive testing experience that ensures clients receive a comprehensive service.

Why IT Governance USA?

Why choose IT Governance USA?

Our CREST-certified penetration testing team will provide you with clarity and technical expertise, as well as peace of mind that your external infrastructure and web applications have been reviewed by experienced testers in line with your business requirements.
Get one-to-one expert advice at any stage of the engagement, along with an end-of-test debrief and answers to queries following the issue of the report.
Our detailed reports describe any identified business risks from both technical and non-technical perspectives.
Our penetration testing team has been operational since 2010, amassing extensive testing experience that ensures clients receive a comprehensive service.

Customer reviews

Please login to your account to leave a review.