Basic offer for penetration test
focusing on OWASP Top 10

Basic offer for penetration test
focusing on OWASP Top 10


You have a web application with a protected area and features such as profile management, file storage and a contact form. We test your application for the top 10 risks according to OWASP and more.


  • Purely technical testing of your web application
  • Purely external examination from different roles: anonymous visitor, standard user, privileged user
  • Suitable for most modern web applications

Your benefits: what is investigated?

  • Manual testing of the web application for the top 10 security risks according to OWASP
  • Manual testing of compliance with the recommendations for secure web applications
  • Oriented towards practical issues
     •  faced by standard users: is control over my data guaranteed? Is access by third parties adequately secured?
     •  faced by administrators: are the administrative features secured against unauthorized access?
        Can the application be misused to the detriment of third parties?
  • Includes a vulnerability scan of the web server to test for vulnerabilities in the software components used or in the configuration

Result (output)

  • Report with executive summary
  • The report contains results and analyses, evidence and recommended measures
  • Presentation and discussion of the report online or on site

Differentiation from basic offer of penetration test focusing on intrusion

  • Thorough testing of the features and roles of the web application for vulnerabilities

Customer profile: who is the basic offer of the penetration test focusing on the OWASP Top 10 aimed at?

  • Companies that offer services via their own web portal
  • SMEs and startups

Resource planning: little effort required from you

The effort for you amounts to around 12 hours. This time is divided up as follows:

  • Participation in the kick-off meeting and report meeting
  • Description of functional scope, intended use, special cases and worst-case scenarios, to ensure rapid training of the tester
  • Setup of the accounts required for the testing; deletion of the accounts upon project completion
  • Possible activation of our IP range for the tests
Additional offers from the audit field
Basic offer of penetration test focusing on intrusion
This offer focuses on the technical testing of vulnerabilities that could allow cybercriminals to penetrate your infrastructure.
Basic offer of penetration test focusing on resilience
The additional offer focusing on resilience assumes that an attacker or malware already has access to the network and examines their options for achieving the attack objective.
Social Engineering – Professional Phishing Prevention
Phishing campaigns are used as part of an extensive audit project or as part of a security awareness project.
terreActive gives us a partner in the area of vulnerability and penetrating testing that is top-notch both technically and professionally. They let us meet the FINMA requirements in the best possible way. We appreciate having a business relationship that is like a partnership!
Roger Marty
Risk Handling, Head of Security Department
Luzerner Kantonalbank AG
terreActive’s long-standing business relationships involving the handling of highly sensitive data from banks, authorities and insurance companies gave us the confidence that we were relying on the right partner for the auditing process.
Thomas Jaggi