pentest-console · authorised scope

Web Application Penetration Testing

With your written permission, we actively test your web application to find security weaknesses, including login flows, APIs, and how the application handles data. Unlike an external rating report, this is hands-on authorised testing with evidence of what we find.

  • Frontend: UI & client-side
  • APIs: Backend endpoints
  • Auth: Login & sessions
  • Logic: Business rules

Deliverables

What you actually receive

Every engagement ends with concrete artifacts your team can use. Not slides. Browse sample outputs below.

Finding detail

Reproducible steps, severity, and impact. Each finding documented like your team needs it.

Finding · PT-007

CVSS 9.1

NX-PT-007 · Sample
Critical

SQL injection in search parameter

Affected: /api/v2/search · PostgreSQL 14 backend · auth-service pod

Reproduction steps

  1. Navigate to /api/v2/search?q=test and confirm baseline JSON response
  2. Inject payload: ' OR 1=1-- in the q parameter
  3. Observe full user table returned including email, role, and last_login fields
  4. Repeat with UNION SELECT to confirm read access to sessions table
  5. Verify no WAF or rate limiting blocks repeated exploitation attempts

Impact

Unauthenticated read access to all user records including email addresses, password hashes, and session tokens. Enables account enumeration and credential stuffing follow-up.

Remediation

Parameterise all database queries via prepared statements. Deny-list SQL metacharacters at input layer. Add WAF rule on /api/v2/search. Rotate session secrets after fix.
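The prepared-statement remediation above, shown as an added example that is not part of the sample report or Noctulux's own code. It uses sqlite3 as an offline stand-in for the PostgreSQL backend named in the finding (the binding principle is identical; psycopg uses %s placeholders instead of ?), and the users table and rows are constructed for the demonstration. The vulnerable function reproduces the defect the finding describes; the parameterised function is the fix.

```python
import sqlite3

# Constructed sample rows standing in for the users table in the finding.
SAMPLE_USERS = [
    (1, "alice", "alice@example.invalid", "admin", "2024-01-01"),
    (2, "bob", "bob@example.invalid", "user", "2024-01-02"),
    (3, "test", "test@example.invalid", "user", "2024-01-03"),
]


def make_db():
    # In-memory sqlite3 database used as a stand-in for the PostgreSQL 14 backend.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, name TEXT, email TEXT, role TEXT, last_login TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def search_vulnerable(conn, q):
    # The defect from the finding: user input is spliced into the SQL text,
    # so a quote followed by OR 1=1-- rewrites the WHERE clause and the
    # trailing quote is commented out.
    sql = f"SELECT name, email FROM users WHERE name LIKE '%{q}%'"
    return conn.execute(sql).fetchall()


def search_parameterised(conn, q):
    # The remediation: the SQL text is fixed at the call site and q is passed
    # to the driver as a bound value. The driver never parses it as SQL, so
    # quote and comment characters are just characters in the search pattern.
    sql = "SELECT name, email FROM users WHERE name LIKE ?"
    return conn.execute(sql, ("%" + q + "%",)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for q in ("test", "' OR 1=1--"):
        print(f"q={q!r}")
        print("  vulnerable:    ", search_vulnerable(conn, q))
        print("  parameterised: ", search_parameterised(conn, q))
```

With the baseline input both functions return the single matching row; with the payload from the reproduction steps the spliced query returns every row while the bound query returns none. One caveat worth noting when applying the fix to a search endpoint: binding stops SQL injection, but a % or _ in the input still acts as a LIKE wildcard. That is a search-semantics question rather than an injection one, and escaping those characters is a separate decision.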

Noctulux · Confidential sample · Page 1 of 28

Practical

What to expect

Who it's for, how we work together, and where we draw the line.

Best for

  • Applications handling sensitive data, payments, or customer accounts
  • Pre-release or major release security validation
  • Contractual or procurement requirements for technical testing (not certification)
  • Follow-up when an external rating report identified issues needing deeper validation

How the engagement runs

  1. Scoping workshop to agree URLs, environments, credentials, and rules of engagement
  2. Written authorisation and scope confirmation before any testing
  3. Hands-on testing within the agreed window (staging preferred; production by explicit agreement)
  4. Finding validation, report drafting, and internal quality review
  5. Report delivery with optional readout for engineering and risk teams involved

Honest boundaries

  • Testing is bounded by scope, environment, and time. It is not exhaustive of all possible attack paths
  • Staging environments are preferred; production testing requires explicit safeguards
  • Findings describe risk observed in scope, not certification against any standard
  • Remediation validation is a separate engagement if you need formal retest evidence

Engagement package

What you get. And what you don't.

Fixed outputs and scope, agreed before we start. No surprises afterward.

Web application penetration test report

  • Finding register with severity, confidence, and remediation guidance
  • Evidence summaries suitable for internal distribution (redacted)
  • Executive summary for risk and engineering teams involved
  • Retest recommendations where appropriate

Detailed examples are shown in the deliverables section above.

Plan a conversation

Starting from €2,500 excl. VAT · Pricing guidance