External Web Application Rating Report

We test your web application from the outside, as an attacker on the internet would see it, without needing access to your source code or internal systems. You receive a graded report (A-F) with a prioritised list of issues and recommended fixes.

Noctulux Rating Report

app.example.com · External assessment

Sample
B

Overall rating

Good. Prioritised fixes recommended

Score 7.2 / 10

Domain ratings

  • Transport & TLS: A
  • Security headers: B
  • Authentication: C
  • Session management: C
  • API security: C
  • Information disclosure: D

Deliverables

What you actually receive

Every engagement ends with concrete artifacts your team can use. Not slides. Browse sample outputs below.

Rating report

PDF with overall grade, numeric score, and domain breakdown your board can read in minutes.

Noctulux Rating Report

app.example.com · External assessment

NX-RAT-2026-018B · 7.2/10 · Sample
B

Overall rating

Good. Prioritised fixes recommended

Score 7.2 / 10

Domain ratings

  • Transport & TLS: A (92%)
  • Security headers: B (78%)
  • Authentication: C (64%)
  • Session management: C (58%)
  • API security: C (62%)
  • Information disclosure: D (48%)

Noctulux · Confidential sample · Page 1 of 24

Practical

What to expect

Who it's for, how we work together, and where we draw the line.

Best for

  • A first assignment with a new application or vendor
  • Risk committees that need a proportionate external view
  • Establishing a baseline before periodic reporting
  • Situations where budget or timeline does not allow a full penetration test

How the engagement runs

  1. Scoping call to agree URLs, authentication access, and any constraints
  2. Written scope confirmation before testing begins
  3. External assessment within the agreed time window
  4. Report drafting, quality review, and delivery
  5. Optional readout call to walk through findings and priorities

Honest boundaries

  • Findings reflect agreed scope, access level, and the assessment time window
  • External testing means some issues may be rated Likely or Possible rather than Confirmed
  • A favourable rating does not replace deeper testing where risk warrants it
  • Report is independent Noctulux work, not an official third-party risk score

Engagement package

What you get. And what you don't.

Fixed outputs and scope, agreed before we start. No surprises afterward.

External Web Application Rating Report (PDF)

  • Overall rating (A-F) and score (0 to 10)
  • Domain-level ratings with brief rationale
  • Finding register with severity and confidence
  • Business impact summary and prioritised remediation roadmap
  • Scope and limitations statement

Detailed examples are shown in the deliverables section above.

Plan a conversation

Starting from €1,250 excl. VAT

Pricing guidance