Penetration testing for web applications

Web Application Pentest by certified experts

Identify and eliminate hidden vulnerabilities in your web applications.

What is a web app pentest?


A web application security audit focuses the entire test on the web applications under test, rather than a comprehensive test of the execution of services that an external penetration test or an internal penetration test would provide.

How does Redlings rate a web application?

Redlings evaluates your company's web application from multiple perspectives:
  • What can an unauthenticated attacker access? What are the possibilities for tampering?
  • What can an attacker with normal user permissions access? Are manipulations possible that go beyond what such a user is entitled to?
  • What can be done if an attacker obtains administrative rights for your web application?
Redlings performs web application assessment following the same steps that an attacker would perform. These include, for example:
  • Identify the business purpose of the web application
  • .
  • Why does the application exist? What problem is being solved
  • ?
  • How does it make your business practices easier or more efficient?
  • Identifying all the pages linked to your web application and assigning links / relationships between the pages
  • .
  • Identify the input fields in the target web application and test if the application properly handles malicious input attacks with uploads, injections or cross-site scripting
Redlings reviews the business logic associated with the web application and identifies attacks that bypass critical steps.
All tests include at least the OWASP Top-10 for web applications or the OWASP API Security Top-10 to ensure broad coverage of your web application. Redlings uses both internally developed and commercially purchased software to perform web application security assessments.
Such web application testing is aimed at customers who want to test the security of a web application before it is used by employees or customers. Likewise, a security assessment of web applications currently in use can be performed to identify vulnerabilities or misconfigurations.
Web application security testing is also available as an ongoing model (continuous pentesting).


Sie haben Fragen oder Interesse? Sprechen Sie uns gerne an.

(0621) 48 345 010

Dr. Ewan Fleischmann

Dr. Ewan Fleischmann
Security Consultant, OSCP, OSCE

Your Contact

Dr. Ewan Fleischmann


  • Over 15 years in IT security
  • Consulting for medium-sized businesses, DAX companies and financial institutions.
  • PhD thesis cryptography with 15+ international publications in IT security.
  • Conference Speaker and Trainer
  • SANS Advisory Board Member
  • 15+ certifications, including CISSP, OSCP, OSCE.

Have we sparked your interest?

Just give us a call or write us a message!

Erfolgreich! We have received your request. Thank you very much.
Fehler! An error occurred while sending. Please use another way to contact us!


We use cookies to improve user experience and analyze website traffic. Read about how we use cookies and how you can control them by clicking "Privacy Preferences".

Privacy Preferences I Agree

Privacy Preferences

When you visit any website, it may store or retrieve information through your browser, usually in the form of cookies. Since we respect your right to privacy, you can choose not to permit data collection from certain types of services. However, not allowing these services may impact your experience.