Combined Infrastructure and Web Application Penetration Test

SKU: 4452

Format: Year 1

(0 reviews)

IT Governance’s combined infrastructure and web application penetration test helps to identify potential vulnerabilities in your infrastructure, websites and web applications. This fixed-price penetration test, conducted by our CREST-accredited team, includes recommendations to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on 00 800 48 484 484.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Overview

Your challenge

Penetration testing is a best practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.

Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.” A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:

Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
Prevent breaches and subsequent regulatory fines
Satisfy relevant regulatory requirements or legislation

Our service offering

A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
Careful scoping of the test environment to establish the exact extent of the testing exercise.
A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
A series of automated vulnerability scans.
Immediate notification of any critical vulnerabilities to help you take action quickly.
A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
A list of recommended countermeasures to address any identified vulnerabilities.
An executive summary that explains what the risks mean in business terms.

Conditions

Service conditions

The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages, or dynamic web pages using no more than five templates, or a combination of the two.
Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
Testing will not include file upload testing.
This test is available as either an internal or external test.
Consultant expenses related to travelling, etc. are not included in the price.
On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.
The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).

Why IT Governance?

Why choose us?

Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our consultants have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
Our CREST-certified penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your wireless network has been reviewed by experienced testers in line with your business requirements.
For Azure clients, our penetration tests comply with the Microsoft Rules of Engagement . This means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.