Web application vulnerabilities have resulted in the theft of millions of credit cards,
What is a web application Penetration Test?
A Web Application Penetration test is an authorised hacking attempt on open source and custom web applications. The aim of this test is to identify and exploit vulnerabilities relating to: authorisation, security configuration and data protection mechanisms.

Shearwater’s Web Application Penetration Testing Methodology
Shearwater: The Gold Standard in Penetration Testing
Here is how we raise the bar:

Comprehensive Reporting
Shearwater offers in-depth executive level reporting which serves as a risk minimisation tool for management, and a technical document – listing vulnerabilities prioritised according to risk level – for the internal security team. The report also provides access to mitigation strategies based on Shearwater’s key insights into the cyber-threat landscape.

Post Engagement Follow Up
Our post engagement follow-up is an additional benefit that allows clients to engage us with questions, or seek guidance on issues referred to in our report.

Testing Standards
The Open Web Application Security Project (OWASP)
The National Institute of Standards and Technology (NIST)
Source Security Testing Methodology Manual (OSSTMM)
Penetration Testing and Execution Standard (PTES)
Penetration Testing Framework
Australian Government Security Policies and Guidelines

Customer Centricity
We listen to our clients to understand their goals. Our team also alerts security staff – in real time – to critical vulnerabilities and threats discovered.
Our Certifications
