Frequently Asked Questions

What types of vulnerabilities can be found in a web application?

There are different types of vulnerabilities that can be found in a web application during pentesting. Some of these include:

1. Cross-site scripting (XSS) – This vulnerability occurs when user input is not properly sanitized, allowing an attacker to inject malicious code into a web page. This code is then executed in the browsers of unsuspecting users who visit the page.

2. Injection vulnerabilities – These occur when user input is not properly filtered, allowing an attacker to inject malicious code into the application. This code can then be executed by the application to perform unauthorized actions.

3. Broken authentication and session management – This vulnerability occurs when the authentication and session management mechanisms of an application are not properly implemented. This can allow an attacker to gain access to resources or data that they should not have access to.

4. Insufficient logging and monitoring – This vulnerability occurs when an application does not properly log and monitor activity. This can allow an attacker to perform unauthorized actions without being detected.

5. Security misconfiguration – This vulnerability occurs when an application is not properly configured, resulting in a weak security posture. This can allow an attacker to exploit the application and gain access to sensitive data.

What if you encounter confidential information during pentesting?

All results of the penetration tests that we perform on your website or infrastructure are strictly confidential, and we do not share them with third parties. We also do not keep any sensitive information we may get access to, and the resulting reports are kept by AI Web Security for a limited period of time only.

Is it enough to test the infrastructure once a year?

The number of tests per year strongly depends on the size of your company. For small companies, we recommend testing the infrastructure once every 6 months. For medium and large companies with a higher number of regular changes and improvements, quarterly tests are highly recommended.

How much does it cost to order a penetration test?

The price highly depends on the size of the target website and/or the company’s infrastructure. Today the starting price for pentesting services is pretty high on the market. However, we have developed a flexible approach so that even small companies and start-ups can afford it.

One of our advantages is that we stay permanently honest with our customers. We do not entice clients with low prices in order to double or triple the costs at the very end. The cost that you receive in the offer can only be changed downwards due to some extra discounts. Please ask for a quote in the corresponding section of this website.

Can you test our internal infrastructure?

Yes, the current scope of our services includes testing of the company’s external and internal infrastructure, vulnerability assessment, web application testing, and incident response. The tests can be performed without any previously disclosed data from your side (black-box testing) or with full access to the company’s infrastructure (white-box testing). Please ask for a quote in the corresponding area of this website.

Will you help us fix the detected issues?

We will provide you with our recommendations for how to fix the detected issues. The process of fixing is usually performed by your corresponding technical team (web development, software development, network team, etc.). At the same time, your technical specialists are not necessarily professionals in IT security. That is why they are welcome to ask for clarification about the detected issues if needed.

It is highly recommended to perform re-testing after all issues have been fixed. A re-test is advised within a period of 90 days after the initial penetration testing.

How do we order a penetration test with you?

The first step is to ask for a quote on our website (“Contact us”). You are welcome to provide us with some basic information about your needs or interests. After we receive your request and get in contact with you, we will discuss the details and send you a commercial offer with the cost of our services. After finalizing the details, an agreement will be offered for signing.

How much time does it take to perform testing?

For better results, we use various scanners and methods. We usually try not to overload your website with multiple requests from our software instruments. That is why testing of one website usually takes up to 10 business days.

What kind of tests do you perform?

To identify existing vulnerabilities in a client’s website or infrastructure, we perform a series of automated and manual tests. The tests are aimed at detecting existing weaknesses and include vulnerability scanning, checking for exploits, and other tests that conform to the world security testing standards.
