Minimizing the risks & increasing the security of your web application with the help of penetration tests
If web applications are not sufficiently protected, they risk becoming the target of hacker attacks. Such attacks endanger not only sensitive customer data but also internal company networks.
With the help of penetration tests (pentests), we support you in securing your web application in the best possible way against cyberattacks and data theft. Our experts review established security measures, determine specific risks and identify vulnerabilities.
They also carry out analyses at the network level (port and vulnerability scans), so that the security of the underlying backend system (web server) is checked as well. You then receive the results of our analyses in a detailed report which, among other things, contains recommended actions for eliminating the vulnerabilities.




Our services: three levels of analysis




Spot Check
Level 1
Initial assessment of the security level based on a sample.
Random sample / First assessment




Regular Pentest
Level 2
In-depth investigation to identify the most common risks and vulnerabilities for web applications.
For most applications




Advanced Pentest
Level 3
A more in-depth analysis that – in addition to Level 2 – also identifies hard-to-exploit risks and vulnerabilities, especially through additional test scenarios.
High security level

Your benefits at a glance
- Testing of your web application according to recognized standards
- Analyses at the network level (port and vulnerability scans)
- Identification of vulnerabilities / reduction of IT risks
- Continuous improvement of the IT security of your web application
- Objective proof of the IT security of your product

Procedure of a web application security pentest




Clarification of specific technical & organizational aspects, as well as the preconditions.




Determination of fundamental information about the subject of the analysis.




Analysis of the selected web application on the basis of the collected information.




Summary of all results of the analysis in the form of a Final Report.




Optional: Re-Test
Check whether the implemented improvement & defense measures are working (effectively).

Frequently asked questions (FAQ):
- Black box: Pentest without additional information
- Gray box (standard): Pentest with additional information, e.g. test access data and (API) documentation
- White box: Pentest with further additional information, e.g. architecture/design documents, communication matrix or source code in addition to test access data
The TÜViT experts' approach is aligned with the OWASP Application Security Verification Standard (ASVS), which describes fundamental security requirements for web applications, and with the OWASP Web Security Testing Guide (WSTG), which shows how the requirements from the ASVS can be verified. The OWASP Top 10 Vulnerabilities for Web Applications and the Implementation Concept for Penetration Tests of the BSI are also taken into account.
The test duration depends on the selected type of analysis (Level 1 to 3) – see above. Irrespective of the test period, a duration of at least 1 week is assumed for the Spot Check (Level 1) and at least 2 weeks for the Regular (Level 2) and Advanced (Level 3) Pentest.
The costs depend on the type of check selected (Level 1 to 3) as well as the complexity of the subject of the check. A Spot Check is in the lower to mid four-digit range. The Regular Pentest is in the upper four-digit or lower five-digit range, and the Advanced Pentest starts in the lower five-digit range. For an exact price indication, we need more information about your web application.