Websites are one of the primary threat surfaces that cyber-attackers seek to exploit in order to penetrate information system infrastructure.

Website vulnerability testing is a service focussed on testing our clients’ websites for security vulnerabilities that could be exploited by cyber attackers. The scope of the vulnerability testing covers a broad range of tests, including an assessment of the top 13 OWASP listed security vulnerabilities currently found on websites. The testing is not limited to specific website development languages or web-server technology.

The tests are also an important part of any organisation’s regulatory compliance programme, and most cyber-security standards require that a customer’s website be assessed on at least an annual basis.

The tests are not automated tests and involve the use of expert cyber-penetration team members to ensure full test coverage regardless of the test environment. A full test report is produced for the customer, and the test expert(s) are made available via a WebEx conference call to discuss the results and provide guidance on ways that the customer can mitigate any identified vulnerabilities.

  • Chief Information Officer (CIO);
  • Chief Technical Officer (CTO);
  • Chief Risk (Management) Officer;
  • Chief Security Officers;
  • IT management.

  • Review of site architecture, design considerations and security configurations;
  • Authentication and session security management, user management and auditing;
  • Cross Site Scripting (XSS) and Cross Site Request Forgery (XSRF);
  • Insecure Direct Object references, URL access restrictions, redirects and forwarding validations;
  • System and code vulnerabilities;
  • Cryptographic usage and storage and
  • Denial of Service (DoS) and transport level security issues.

The website cyber-vulnerability assessment provides our clients with:

  • A thorough assessment of the security vulnerabilities of their website;
  • A vulnerability risk register and supporting evidence of the exploit used;
  • A set of priority steps to take in order to mitigate the identified risks and
  • Guidance on how to address issues identified.

Furthermore, the testing is not limited to specific website development languages or web-server technology.

  • We provide our clients with a comprehensive report on the vulnerability testing which includes:
    • a management (executive) summary;
    • a detailed risk register;
    • prioritised remediation process and technical details and evidence for the outcomes of each test
  • A technical and managerial review of results with the team which conducted the testing in order to:
    • provide clarity on the identified vulnerabilities and
    • advise on the best practice remediation steps that can be implemented.

Contact us at the Global Cyber Standard office nearest to you or submit a business inquiry online.
