Managed Pentesting Service for Web Applications
Per webapp, based on application features, user roles and flows
Get a quality service and very fast delivery, by combining our technical expertise with our cutting edge technologies in cybersecurity and testing tools with automation features. Our team are certified security professionals and ethical hackers.
What you get ?
1) A report : in PDF format in less than 3 days after test completion. The report includes actionable and valuable information for you to understand, reproduce and fix the vulnerabilities. You get a report on our findings, as well as recommandations, advices and remediation to solve your issues. The report is comprehensive, detailed and valuable. You get get a security diagnosis of your website & web apps with vulnerability details and remediation advices to improve it drastically.
2) A Re-test (6 months after): The packages have one re-test included in this price. Re-testing means punctual re-verification of all the findings mentioned in our initial report (re-testing is not a full pentest). The result of a re-test will be an email with the status of each finding (Fixed / Not fixed) and a short explanation for each one.
Retest Reports in PDF can be generated on request. The retest report may either contain all findings, having their update status (Fixed / Not Fixed), or it may contain only the remaining (Not Fixed) findings.
3) Our comprehensive services : Network Penetration Testing, Web Application Penetration Testing, API Penetration Testing, Mobile Application Penetration Testing
We combine our expertise with well-known methodologies such as the OWASP Testing Guide and the Penetration Testing Execution Standard. We Depending on the complexity and the time available, we also try to demonstrate the vulnerabilities by providing small proof-of-concepts.
How long ?
The pentest is performed in 7 business days. We are focusing on the key aspects of application security and we're able to offer a comprehensive picture of the relevant security issues that affect your web application. The report is delivered in 72 hours (max) after the test completion.
Can you use our service against your Client System ?
Yes, of course. You can test your clients' systems as long as you have authorization from them to do that. This is mostly applicable to consultancy companies that want to use our services in white label solution. On request, we can also provide white labeled reports with your branding.
What we need from you ?
It is mandatory that you have a clear authorization to have a penetration test performed against the target system from the owner of the target. It happens that the system is on a shared web hosting (or is a managed service), therefore you must notify and have permission from the provider of the service. We can also help you with that. Lastly, it is recommended to have a backup of the target system.
Once payment is complete, please send us by email at contact@ga-political.com
- The URL(s) of the target(s)
- A short description of the target application(s)
- A Letter of Authorization or representation in case the website is not yours.
- Your name and company name
- For Network Penetration Testing: How many IP addresses are in scope
- For API Penetration Testing: How many endpoints and API functions are in scope? Also, please mention if Black-Box or Grey-Box is required
- If applicable: Do you have any specific requirements for this engagement?
- The type of services required
- For Web Applications: Please mention if it's Black-Box or Grey-Box and, if Grey-Box, how many user roles you need to be tested. We usually recommend taking into account both a regular user and an admin role (for cross-users and privilege escalation testing)
Considering these elements, if our expert consider that your request is more complex and should be paid a better price, we will submit a specific invoice.
But no problem, if you refuse the new invoice, you'll get fully refunded. In case of question, please contact us directly at contact@ga-political.com