I perform Vulnerability Analysis and Penetration Testing of websites, which will enable you to fix the exploitable loopholes in your application, boosting the confidence of the customers visiting your website.
What does Web Application Penetration mean? Or what exactly is hacking into a website?
Hacking into a website basically means gaining the ability to perform any action that is not allowed or is prohibited.
It can include, but is not limited to, the following acts:
1) Taking control of the website
3) Downloading the entire database
4) Accessing someone else's session, masquerading
5) Uploading malware, etc.
These risks can be exploited through certain known issues. These issues have been globally recognized as the OWASP TOP 10. https://www.owasp.org/index.php/Top_10_2010
We, as Web App Security professionals, specialize in the analysis of these top 10 issues in a website. A good majority of issues can be avoided or averted if these top 10 issues are closed or fixed; your website is then safe from a wide range of attacks. It is a globally accepted and recognized standard. It is called the OWASP, or the Open Source Web Application Security Project.
I, as an attacker, not only attack the website but also give recommendations to fix these loopholes, irrespective of the language in which your application is coded.
Website Penetration Testing can be done in 3 stages. The stages are mutually exclusive and do not depend on one another.
1) Black Hat Hacking: The client shall provide just the URL of the target website. My job would be to think like an attacker and try to hack into your website by exploiting the OWASP TOP 10 vulnerabilities. In this stage, the number of vulnerabilities found is lower.
2) Gray Hat Hacking: The client shall give access to additional information about the website, like login credentials, so that I can test the internal part of your website. This step is usually clubbed with the first test to remove the maximum number of vulnerabilities. Additional vulnerabilities, like Business Logic Flaws, Session Related Flaws and Cross Site Request Forgeries, which would be very much limited in the first stage, would be discovered only in this stage.
3) White Hat Hacking: This stage, in addition to the above 2 stages, would include reviewing the source code of your website for vulnerabilities within the code. When we, as an attacker, get access to the source code, we are able to find many more vulnerabilities than in the above 2 stages combined.
Certified Ethical Hacker
Depending upon the stage you select, the consultancy fees shall vary.
1) If Stage 1 + 2 is given, or Stage 1 alone, the charges would be $3 / URL
2) For Stage 3, the charges would be $3 / file of the entire source code.