The goal of the comprehensive web application / web server security audit is to test the web application as thoroughly as possible (all forms, all kinds of known vulnerabilities). The test strictly follows the OWASP Web Security Testing Guide and is very comprehensive.
It includes:
- practical hacking demonstration of the critical vulnerabilities revealed (coding of our own exploits, database dump, CSRF/XSS/session fixation demonstrations, ...)
- one-day meeting with the application’s developers (presentation of the report, how the revealed vulnerabilities can be exploited, how to fix the application and follow our security recommendations)
- complete and strict testing of the web application according to the OWASP Testing Guide
- technical report with executive summary, all revealed vulnerabilities, risk levels and recommendations
Price: depends on the application's complexity (number of forms, user inputs, user hierarchy, etc.).