To uncover vulnerabilities in a given web application or web-based API. Vulnerable web applications are a major source of data leaks and network breaches. By finding the flaws before the attackers, costly incidents can be avoided.

• Accounts and code delivered – the client provides Danish Cyber Defence with access to a working copy of the web application, documentation and optionally source code.
• Analysis – the web application is tested both manually and with automated tools to locate vulnerabilities and issues that could compromise the security of the application. If access to source code is included in the scope, portions of the code will be reviewed and used to drive parts of the manual test process.
• Reporting – we present our findings to the relevant stakeholders focusing on how to resolve the uncovered security issues in the web application.

After the accounts and documentation has been delivered to Danish Cyber Defence, the analysis is performed offsite. A contact point from the client is needed to facilitate any issues that might arise during the test.

That a web application is tested at least once before deployment. Furthermore, if the application is an evolving code base, we recommend that it be tested biannually or before major code updates are deployed.