External Web Application Rating Report
We test your web application from the outside, like an attacker would see it on the internet, without needing access to your source code or internal systems. You receive a graded report (A-F) with a prioritised list of issues and recommended fixes.
Noctulux Rating Report
app.example.com · External assessment
Overall rating
Good. Prioritised fixes recommended
Score 7.2 / 10
Report type
External rating
Domain ratings
- Transport & TLSA
- Security headersB
- AuthenticationC
- Session managementC
- API securityC
- Information disclosureD
Deliverables
What you actually receive
Every engagement ends with concrete artifacts your team can use. Not slides. Browse sample outputs below.
Rating report
PDF with overall grade, numeric score, and domain breakdown your board can read in minutes.
Noctulux Rating Report
app.example.com · External assessment
Overall rating
Good. Prioritised fixes recommended
Score 7.2 / 10
Report type
External rating
Domain ratings
- Transport & TLSA92%
- Security headersB78%
- AuthenticationC64%
- Session managementC58%
- API securityC62%
- Information disclosureD48%
Practical
What to expect
Who it's for, how we work together, and where we draw the line.
Best for
- A first assignment with a new application or vendor
- Risk committees that need a proportionate external view
- Establishing a baseline before periodic reporting
- Situations where budget or timeline does not allow a full penetration test
How the engagement runs
2. Written scope confirmation before testing begins
3. External assessment within the agreed time window
4. Report drafting, quality review, and delivery
5. Optional readout call to walk through findings and priorities
Honest boundaries
- Findings reflect agreed scope, access level, and the assessment time window
- External testing means some issues may be rated Likely or Possible rather than Confirmed
- A favourable rating does not replace deeper testing where risk warrants it
- Report is independent Noctulux work, not an official third-party risk score
Engagement package
What you get. And what you don't.
Fixed outputs and scope, agreed before we start. No surprises afterward.
External Web Application Rating Report (PDF)
- Overall rating (A-F) and score (0 to 10)
- Domain-level ratings with brief rationale
- Finding register with severity and confidence
- Business impact summary and prioritised remediation roadmap
- Scope and limitations statement
Detailed examples are shown in the deliverables section above.
Starting from €1,250 excl. VATPricing guidance