Penetration Testing

Penetration Testing is a critical step in building any robust and secure system.

No matter how good your development team is, there are always little things that can be easily overlooked allowing an attacker to exploit your product or service. I mean, you wouldn't want to drive over a bridge that had not been thoroughly checked beforehand, right? No, probably not.

By taking a holistic approach to Penetration Testing, we cover a broad range of attack vectors to ensure we test your security from every angle. After all, this is exactly what the bad guys are doing so lets beat them to the punch.


Utilizing a combination of automation, standards such as OWASP and manual testing, we cover all known web application security vulnerabilities such as authentication vulnerabilities, weak password rules, injection exploits like SQL injection, cross site scripting, cross-user and cross-tenant data access exploits and more.

Due to our diverse staff skill set, we have the capability to test modern frameworks such as Angular, React and Vue javascript frameworks, which traditionally have been hard to test. As well as most common languages and corresponding frameworks of course.

Mobile apps

Mobile apps will usually require a similar process to websites, checking communications between the application and third-party services and some mobile device specific tests, specifically that might allow an attacker access to your phone or to circumvent the phone OS security.

This will usually also include a code and deployment configuration review, and quite often an associated penetration test for the central datastore API.


We will test for common web application security vulnerabilities and Role-based Access Controls (RBAC), whether you can gain access to data that is not yours once you have been authenticated.

Typically this includes a code review.


If you're running your own servers, we can test for common security vulnerabilities and help establish best practices to harden your servers.

Cloud services

We won't test the cloud service itself, the provider does that already - but it's easy to misconfigure your services or forget critical configuration exposing your data. This we can test and help you establish procedures to ensure your data stays safe into the future.

Copyright @2020 Software Security NZ.