We Detect, Then Protect
Web Application Penetration Testing
Web Application Penetration Testing identifies vulnerabilities within your website that could be exploited through online cyber attacks. Exploitation can result in the theft of information and irreparable damage to your systems.
Xyone uses the Open Web Application Security Project (OWASP) Testing Guide v3.0 for conducting penetration testing of web-based applications. The active test is split into 9 sub-categories for a total of 66 controls.
The data obtained from the information gathering phase allows us to search for additional vulnerabilities or exploits that might not form part of the above controls but can be used to penetrate the system.
Our web application penetration testing methodology is adapted each year to ensure we are assessing vulnerabilities in line with the OWASP Top Ten threats. In 2013, these were identified as:
It is vital that our clients undertake a retest as part of their penetration test service. This is to ensure that all vulnerabilities have had the necessary controls applied and are no longer at risk of exploitation.
Retests are always clearly quoted within our proposal documentation, and each retest scans all of the areas identified as risks in our original penetration test report.
If a business is set up to take credit cards by any mechanism, then it needs to be compliant. It is a common misunderstanding that small concerns handling only one or a few credit cards a year are exempt from these standards.
A vulnerability assessment identifies any major issues within your systems. Less in depth than a manual penetration test and conducted using approved scanning software, a vulnerability assessment will test a cross section of your IT infrastructu...
Our consultants can take a lead on your PCI compliance, bringing extra resource to streamline your processes and help you to prepare compliance reports to achieve the Payment Card Industry Data Security Standard.
Network Penetration Testing goes beyond vulnerability scanning: it evaluates the security of a system by attempting to expose and exploit its vulnerabilities and weaknesses through a simulated attack.
Mobile penetration testing covers the threats encountered through using devices such as laptops, smartphones and tablets to access networks and databases whilst away from the office environment.
The safety of your company’s assets depends on the security of your cloud-based infrastructure just as much as your in-house IT environment; therefore security should be a key consideration when selecting a cloud services provider.
Databases hold valuable business assets such as sensitive customer data, payment card details, product and pricing data, employee records, blueprints, intellectual property and supplier information. Should this data end up in the wrong hands or be co...
VOIP (Voice Over IP) is the methodology of conducting voice calls and messages through an internet-based network. VOIP is a particular area of concern with regard to security due to the potential for confidential data harvesting through recordi...