Web application penetration tests

Web application penetration testing is a security assessment focused on web architectures and on-line applications.

Whatever are the technologies, we are looking security flaws deep into your web applications : database connectors, dynamic forms, sessions, authentication, authorization, external api calls and so.

As opposed to classic vulnerability scans, our penetration tests are performed by great experts who will not dismiss by any security flaw. Their experiences combined to the newest intrusion techniques and tools allow them to carefully assess the risk exposure of your web infrastructures.

Penetration tests objectives ?

A penetration test will answer the following questions :

• Can a customer change the price of goods on our e-Business website ?
• Is a hacker able to log into the application without any account ?
• Are the confidential data properly protected ?
• Is a user able to jump from his profil into the profil of another user ?
• Are we exposed to Denial of Service attacks ?
• Is a hacker able to gain full control of our website ?

Reasons to choose Xmco Partners for a pentest?

Our company performs more than 10 penetration tests each month on major french and international companies websites.

The "penetration" teams is maybe one of the most experienced and famous for web application penetration testings and e-business website assessment.

Each of our new customers who have already perform penetration assessments with another consulting companies greets us for the quality of our service and for the findings of never-found-before vulnerabilies.

Our methodology

Our methodology is based on deep assessement of all parts of the application to throw light on "price tampering", sensible date exposures, profil escalation and transversal, account stealing, identity spoofing, etc.

Our tests follow a quality process to eliminate false-positives and to focus on critical vulnerabilities :



Our methodology also uses Open methodologies like OSSTMM et OWASP.