Preparing for the Unexpected: unsure if your organisation is ready to deal with a cyber incident, talk to us! Contact us now
Australia AU

Cybercraft Digital

Offensive Security: Web Penetration Testing

Prevent common cyberattacks with Offensive Security (also known as penetration testing or a pentest) by testing your internal and external websites, platforms and APIs against our rigours testing regime. Performing annual pentesting helps to raise the security of your digital environments from an ever-changing list of threats, and helps to meet regulatory requirements that involve standards like PCI DSS, FISMA, ISO, MARS-E, HIPAA, Sarbanes-Oxley.

More about Penetration Testing

Find out more

Speak with the team at Cybercraft today to find out how we can lift your organisation's information security with web penetration testing.

Get In Touch
block-icon

Why choose Cybercraft

Many organisations talk about cyber risk and cyber risk management. However, not many organisations demonstrate an understanding or commitment to information security and the core principles at both governance and management levels.

For clients determining the right cyber risk partner, these can become primary differentiators between organisations delivering cyber related services. Clients need the confidence that their cyber partners walk the walk, not just talk and talk.

Rigorous Testing

Cybercraft undertakes a rigorous testing process for web application penetration testing

Automated Scanning

We use a controlled execution of automated tools to identify vulnerabilities that are presented to each user persona (Unauthenticated, Authenticated and Administrator).

Manual Exploitation

Manual exploitation of vulnerabilities will be undertaken (penetration testing) to provide evidence of the risk of a data breach or privacy breach.

Vulnerability Reporting

Cybercraft will then provide a report that outlines the testing results with categorised risks and provides a detailed summary of cybersecurity vulnerabilities and exploits for each target.

Levels of Offensive Security

Common Vulnerabilities Testing

Test your application against the internationally recognised Open Web Application Security Project (O.W.S.A.P) most common security vulnerabilities.

Application Security Verification Standard Level 1

The OWASP Application Security Verification Standard (A.S.V.S) Level 1 is the baseline penetration testing service for your web application security, and is designed to be completely penetration testable. It can be completed externally, needing minimal input from your organisation.

Application Security Verification Standard Level 2

The OWASP Application Security Verification Standard (A.S.V.S) Level 2 is penetration testing + security standards verification for applications that contain sensitive data, which requires protection and is the recommended level for most apps. This level of testing includes a review of code and infrastructure in addition the level 1 penetration testing.

Application Security Verification Standard Level 3

The OWASP Application Security Verification Standard (A.S.V.S) Level 3 is penetration testing + security standards verification for the most critical applications - applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust. In addition to level 1 and 2, level 3 follows additional stricter controls.

Is your annual application security check-up overdue?

We tailor our testing plans to the size of your application. So if you've due for your annual penetration test, get in touch with us, and we'll match you to the right level of testing for your website or application. Pentration testing is in high demand, so get in touch today to prevent testing delays.

Contact us now

What people say about us

Cybercraft’s knowledge and passion for improving our cyber risk management were clear from day one; throughout the engagement, they took the time to understand our business, work within our budgets and provide the expert help we need to achieve best practice in our business.
Gilbert McKinnon
Chief Financial Officer, Hunter Retail

Get your cyber resilience needs analysed today

Book a consult

Speak with the team at Cybercraft to find out how we can analyse your cyber resilience needs.

Book Now
CTA 1

Other services available in Cyber Resilience

Fractional Chief Information Security Officer Yellow 2080800

Fractional Chief Information Security Officer

This is assisting organisations with creating a risk management framework that will assist in helping the organisation create better detection on potential cyber-attacks and to become more cyber resilient.

Find out more
ISO27001 Implementation Yellow 533482

ISO27001 Implementation

This is implementing the information security standard internationally recognised and independently audited which provides a statement of assurance that an organisation is fully committed to protecting information and have established the appropriate practices to support this.

Find out more
Cyberfit Insights Assessment Yellow 3644106

Cyberfit Insights Assessment

This is based on lead indicators to identify cyber risks within the organisation for Executive and Directors to understand risks and prioritise further cyber risks and initiatives.

Find out more
Cyber Risk Assessment Yellow 3644109

Cyber Risk Assessment

This is a comprehensive assessment providing a clear statement of cyber risk to the Board and the executive to determine risk appetite and prioritisation of remediation and funding.

Find out more