What is an application pentest?

With an application pentest, Halo Security will discover, report on, and help you remediate vulnerabilities that automated tools can't find.

Automated vulnerability scanning is a key component of maintaining a good security posture on your perimeter, but it simply cannot find all the possible vulnerabilities in your internet-facing assets. Many vulnerabilities are too destructive to test automatically, and others require a human understanding of how the underlying technology is implemented. Additionally, flaws in business logic may not be vulnerabilities in the application's technology at all, yet they remain attractive and potentially lucrative targets for attackers. Using our experts to find the vulnerabilities your other tools missed is key to seeing the whole picture when it comes to the security of your internet-facing web applications.

How does the application pentest work?

During the application pentest, our team uses discovery techniques and tools to map the entire attack surface of the in-scope applications and to find hidden or sensitive content. We use that information to identify vulnerable endpoints or assets within the application. Then we attempt to exploit any weaknesses detected to confirm their presence and create proofs of concept that can be used to easily reproduce each issue.

We will provide you with a comprehensive report that includes the findings from the test, steps to reproduce each issue, our assessment of the risk of each finding in the context of your environment and business, and an actionable remediation plan for fixing any vulnerabilities. Every test includes a 90-day retesting window, beginning on the date the initial report is delivered, during which we will retest any finding from the original report so you can be sure your remediation worked.

How much does it cost?

All of our penetration testing services are quoted after determining the scope of the project. Application pentests start at MSRP $9,950 per unique application.