Web Application Scans
Is your web application secure?
Security testing isn’t one-size-fits-all. Whether you are a web application owner or a developer, regularly checking for vulnerabilities is essential to keep your web application safe and reliable. Attackers are constantly scanning the internet for vulnerable websites. Our scanning services help identify weaknesses in your application before malicious actors can exploit them.
Each scan is carefully prepared and reviewed by our cybersecurity professionals, who provide a clear, actionable report that helps you fix any gaps. Safeguarding your application against cyber threats will give you and your customers peace of mind.
Not sure yet where to start? You can begin with a single scan, choosing either a baseline vulnerability scan or an advanced application scan, to understand your current risk level and get actionable insights immediately.
Our Work Method
At Forus-P, we follow a structured approach to make sure every scan provides maximum value. From preparation and technical analysis to expert review and clear reporting, our method ensures you not only understand the vulnerabilities in your application, but also receive actionable guidance to address them.
1. Preparation
For accurate results, we create login scripts for customer accounts and ensure all key pages of your application are scanned, while skipping unnecessary checks on similar pages.
2. Crawl Phase
One or more crawl scans are carried out for thorough preparation, with results carefully analysed to check if the scanner is correctly set up and ready to go.
3. Scan Phase
Our scanner tests for close to 4000 issues, including common vulnerabilities from the OWASP Top 10, such as SQL Injection and Cross-Site Scripting (XSS).
4. Prioritising
We review and validate all findings to reduce false positives. Each risk is rated as high, medium, or low based on its impact and likelihood of exploitation.
5. Results
Our secure report lists all vulnerabilities with their risk levels, giving clear guidance on what to fix. We always recommend a rescan to check your changes.
6. Support
Our team is happy to guide you through reproducing identified vulnerabilities, explain their impact, and provide practical advice to help you fix them effectively.
Scanning options
We offer multiple scanning options depending on your needs and the level of assurance you require. Whether you want a single vulnerability scan, a more in-depth application scan, or ongoing coverage through our scan and developer licences, our services are designed to fit your security requirements.
Every website is different, and so are your security needs. Whether you run a small business site or manage a growing online platform, our scanning services help you stay protected against cyber threats. Scans can be performed as a single assessment or scheduled periodically to maintain baseline security. Each scan combines automated testing with expert manual tasks to ensure accurate, actionable results.
| | Single | Basic | Bronze Lite | Bronze (popular) | Silver | Gold |
| Number of scans | 1 | 4 | 6 | 12 | 52 | 12 |
| Scan frequency | Once or Annually | Quarterly | Bi-monthly | Monthly | Weekly | Monthly |
| Detects common vulnerabilities (OWASP Top 10 included) | ||||||
| Testing of client account and subdomains | ||||||
| Encrypted report with findings | ||||||
| Support for high risks only | ||||||
| Support for all risks found | Extra | Extra | Extra | Extra | ||
| Rescans to check fixed high risks | Extra | Extra | ||||
| Secure Badge on your site | ||||||
| Penetration test (5 days) | Details | Details | Details | Details | Details | Details |
Our single or yearly recurring scan licence includes:
- 1 Scan on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- Encrypted report with findings
- Support for high risks only
- Extra fee for rescans to check fixed high risks
Our yearly Basic licence includes:
- Quarterly scans on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains included
- Encrypted report with findings
- Support for high risks only
- Extra fee for rescans to check fixed high risks
Our yearly Bronze Lite licence includes:
- Bi-monthly scan on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains included
- Encrypted report with findings
- Support for high risks only
- Unlimited rescans to check fixed high risks
Our yearly Bronze licence includes:
- Monthly scan on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- Encrypted report with findings
- Support for high risks only
- Unlimited rescans to check fixed high risks
- Our Secure Badge on your site
Our yearly Silver licence includes:
- Weekly scan on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- Encrypted report with findings
- Support for all detected risks
- Unlimited rescans to check fixed high risks
- Our Secure Badge on your site
Our yearly Gold licence includes:
- 5-Day greybox penetration test
- Monthly scan on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- Encrypted reports with findings
- Support for all detected risks
- Unlimited rescans to check fixed high risks
- Our Secure Badge on your site
Integrating web application scanning into your development process not only strengthens security but also builds trust and credibility with your clients, showing that their applications are developed with cybersecurity in mind. In addition to the bundles below, we also offer options for ongoing security checks across all your clients’ sites. Contact us for details.
| | Bundle of 10 | Bundle of 30 | Bundle of 60 | Unlimited bundle |
| Number of scans (valid for 1 year) | 10 | 30 | 60 | Unlimited |
| Scans on test environment only | ||||
| Detection of common vulnerabilities (OWASP Top 10 included) | ||||
| Testing of client account and subdomains | ||||
| Single scan on different URLs | ||||
| Periodic scans on same URL | ||||
| Encrypted PDF report | ||||
| Encrypted HTML report | Extra | Extra | Extra | Extra |
| Support for high risks found | ||||
| Support for all risks found | Extra | Extra | Extra | Extra |
| | Details | Details | Details | Details |
Our bundle of max. 10 scans is valid for 1 year and includes:
- Scans on test environment only
- Single scan on different URLs
- Periodic scans on same URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- High-risk support only (upgrade to all risks possible)
- Encrypted PDF report (upgrade to HTML possible)
Our bundle of max. 30 scans is valid for 1 year and includes:
- Scans on test environment only
- Single scan on different URLs
- Periodic scans on same URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- High-risk support only (upgrade to all risks possible)
- Encrypted PDF report (upgrade to HTML possible)
Our bundle of max. 60 scans is valid for 1 year and includes:
- Scans on test environment only
- Single scan on different URLs
- Periodic scans on same URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- High-risk support only (upgrade to all risks possible)
- Encrypted PDF report (upgrade to HTML possible)
Our bundle with unlimited scans is valid for 1 year and includes:
- Scans on test environment only
- Single scan on different URLs
- Periodic scans on same URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Testing of client account and subdomains
- High-risk support only (upgrade to all risks possible)
- Encrypted PDF report (upgrade to HTML possible)
For organisations needing a more in-depth assessment, our advanced application scan combines professionally monitored automated scanning with expert manual testing. It goes beyond common issues to identify complex risks and subtle weaknesses, and can be tailored to a targeted scope or specific vulnerabilities to provide focused insight where it’s needed most.
| | Single | Periodic |
| Number of scans | 1 | In consultation |
| Detects common vulnerabilities (OWASP Top 10 included) | ||
| Detects more subtle and complex risks | ||
| Testing of client account and subdomains | ||
| Verification of false positives | ||
| Encrypted report with remediation guidance | ||
| Support for high risks found | ||
| Rescan to check fixed high risks | Extra | |
| Our Secure Badge on your site | Details | Details |
Our single advanced scan includes:
- 1 Scan on 1 URL
- Detection of common vulnerabilities (OWASP Top 10 included)
- Detection of more subtle and complex risks
- Testing of client account and subdomains
- Encrypted report with remediation guidance
- Support for high risks found
- Extra fee for rescans to check fixed high risks
Our periodic advanced scan includes the following:
- Frequency in consultation
- Detection of common vulnerabilities (OWASP Top 10 included)
- Detection of more subtle and complex risks
- Testing of client account and subdomains
- Encrypted report with remediation guidance
- Support for high risks found
- Free rescans to check fixed high risks
- Our Secure Badge on your site
QUESTIONS?
Share your details or book a time to chat online, and we’ll be happy to discuss how our scans can support your organisation.
We handle your personal data with care and use it only for the purpose for which it was provided. Please read our privacy statement for more information.