Each vulnerability is paid out according to its severity.
Vulnerabilities that must be analyzed carefully for security implications, e.g., Weak TLS versions or cryptographic ciphers.
Medium severity vulnerabilities indicate issues that could potentially result in information or system compromise, e.g., Reflected XSS, SSRF.
High severity vulnerabilities indicate problems that could result in immediate compromise, e.g., SQL Injection, Stored XSS, Authentication Bypass.
Critical vulnerabilities lead to the compromise of the entire application, underlying host operating system, or infrastructure.
LENGTH OF PEN TEST
Runs Two to Four Weeks Depending on Scope
(Size, Complexity and Number of Applications)
Testing takes place in a non-production environment or on non-production builds in the case of mobile apps.
We install a lightweight software agent in each web application server that is in scope for the testing. The agent confirms the detection of a specific instance of a vulnerability and provides context for remediation. We will work with you to ensure the application is compatible with the agent so that it can be included in the scope.
PROGRAMMING LANGUAGES & FRAMEWORKS IN SCOPE FOR THIS TESTING:
- Android Mobile Apps & Backend Service
- Java Web Applications, APIs, Single-Page Web Applications.
- .NET 3.5+, IIS, IIS Express, ASP.NET MVC 3-5, ASP.NET Web Forms, ASP.NET Web Pages, IIS-Hosted ASMX-based Web Services, IIS-Hosted Web API, IIS-Hosted WCF Services.