Web App Penetration Testing

We can test your web app security and provide a detailed report and remediation guidance.


CREST Accredited Web App Testing

Whether you develop or utilise web applications, regular testing is essential to protecting your data.

We provide web app penetration testing in accordance with OWASP methodology to identify vulnerabilities that an attacker could use to compromise the application and access its data.

Our experienced consultants can test your web app security and provide a detailed report and remediation guidance.

We’ll also provide a free retest for peace of mind.

  • CREST Accredited for Penetration Testing
  • CREST, Tigerscheme, Cyberscheme & OSCP Testers
  • Best Practice Testing Methodology
  • Detailed Test Report & Remediation Guidance
  • Call to Discuss Findings & Recommendations
  • Free Retest for Remediated Vulnerabilities
  • Affordable Rates & Flexible Engagements

03330 500 111


Our Qualifications

Evalian penetration testing accreditation

I’ve engaged with evalian® for the first time and have been very impressed. They have assisted us with a number of Information Security Projects from Penetration Tests through to a comprehensive GDPR compliancy assessment. evalian® have a deep understanding of the fields they work in. Commercially, evalian® are very competitive and I would highly recommend their services.

Dave Clarke, CTO, BES Utilities

Our Approach

Data Mapping

Test Scoping

We'll help you determine the right tests and scope based on your objectives

Evalian Assessment

Proposal & Quote

You'll get a written proposal and quote tailored to your requirements


Statement of Work

We'll prepare an SoW covering testing deliverables and prerequisites

End Point Build Assessment

Testing Work

Your tester will deliver the work, staying in contact with you throughout


Detailed Report

You'll get a detailed report setting out our findings and recommendations


Post Test Debrief

We'll arrange a call to discuss our report and answer your questions

Mobile application Testing

Remediation Advice

We'll remain available to you to provide remediation advice and guidance

Vulnerability Assessments

Free Retest

When you've fixed the issues identified in the test, we'll retest them for you

Trusted By

Testing Methodology

Reconnaissance & Information Gathering

We’ll start by gathering open-source intelligence about the application to be tested, in the same way an attacker would.

Application Testing

Your tester will assess the application in accordance with the Open Web Application Security Project (OWASP) testing methodology, covering the following areas:

  • Configuration and Deployment Management
  • Identity Management
  • Authentication
  • Authorisation
  • Session Management
  • Input Validation
  • Error Handling
  • Cryptography
  • Business Logic
  • Customer Side Testing

Testing Includes

Depending on the agreed scope, our testing activities will include the following and more:

App & Host Fingerprinting
App Enumeration
Web Leakage Review
Configuration Testing
HTTP Testing
Identity & Role Testing
Credential Testing
Authentication Bypass Testing
Authorisation Bypass Testing
Privilege Escalation Testing
Session Management Testing
Cross Site Forgery Testing
Cross Site Scripting Testing
SQL Injection Testing
Other Injection Testing
Buffer Overflow Testing
Error Code Testing
Encryption Weakness Testing
Data Validation Testing
Integrity Check Testing
Malicious File Testing

About Us

Evalian provides web app penetration testing, security assessment and data protection services to organisations of all sizes in the UK and globally.

Our experienced team work from offices in London, Southampton and Manchester and remotely across the UK. We are certified to ISO 27001 and ISO 9001 and CREST accredited for penetration testing.

If you need a quote, example reports, or just want some advice we’d be pleased to help. Contact us today for more information.


Need Testing Advice?

Contact us now for a friendly, no-obligation discussion or to request more information about our penetration testing and security assessment services.

Contact Us