Prevent common cyber attacks with Offensive Security (commonly known as penetration testing) by testing your internal and external digital systems against our rigorous testing regime. Regular testing helps raise the security of your environments against the ever-changing list of threats, and helps to meet regulatory requirements that require penetration testing, such as common standards in New Zealand (PCI DSS, FISMA, ISO) and common overseas standards (MARS-E, HIPAA, Sarbanes-Oxley).
Speak with the team at Cybercraft to find out how we can assist you and see if web penetration testing is right for your organisation.
Many organisations talk about cyber risk and cyber risk management. However, not many organisations demonstrate an understanding of, or commitment to, information security and its core principles at both governance and management levels.
For clients determining the right cyber risk partner, these can become primary differentiators between organisations delivering cyber-related services. Clients need the confidence that their cyber partners walk the walk, not just talk and talk.
Cybercraft undertakes a rigorous testing process for web application penetration testing
We use a controlled execution of automated tools to identify vulnerabilities that are presented to each user persona (Unauthenticated, Authenticated and Administrator).
Manual exploitation of vulnerabilities will be undertaken (penetration testing) to provide evidence of the risk of a data breach.
Cybercraft will then provide a report that outlines the testing results with categorised risks and provides a detailed summary of vulnerabilities and exploits for each target.
Common Vulnerabilities Testing
Test your application against the most common security vulnerabilities identified by the internationally recognised Open Web Application Security Project (OWASP).
Application Security Verification Standard Level 1
The OWASP Application Security Verification Standard (ASVS) Level 1 is the baseline for web application security and is designed to be completely penetration testable. It can be completed externally, needing minimal input from your organisation.
Application Security Verification Standard Level 2
The OWASP Application Security Verification Standard (ASVS) Level 2 is for applications that contain sensitive data requiring protection, and is the recommended level for most apps. This level of testing includes a review of code and infrastructure in addition to the level 1 penetration testing.
Application Security Verification Standard Level 3
The OWASP Application Security Verification Standard (ASVS) Level 3 is for the most critical applications - applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust. In addition to level 1 and 2, level 3 follows additional stricter controls.
We tailor our testing plans to the size of your application. So if you're due for your annual penetration test, get in touch with us and we'll match you to the right level of testing and provide a quote to test your application.
This is assisting organisations with creating a risk management framework that will help the organisation create better detection of potential cyber-attacks and become more cyber resilient.
This is implementing the internationally recognised and independently audited information security standard, which provides a statement of assurance that an organisation is fully committed to protecting information and has established the appropriate practices to support this.
This is based on lead indicators to identify cyber risks within the organisation for Executive and Directors to understand risks and prioritise further cyber risks and initiatives.
This is a comprehensive assessment providing a clear statement of cyber risk to the Board and the executive to determine risk appetite and prioritisation of remediation and funding.