In addition to compliance reporting, we also provide a broad variety of security reports. Each of the following reports is an industry standard and highlights a different aspect of web application security.

Executive Overview
The Executive Overview Report is a brief summary of the web application security test results. This report includes the number of vulnerabilities found for each severity level, as well as the list of vulnerabilities.

Developer
The Developer Report is a comprehensive technical document that provides extensive detail on web application security test results. This report includes information on the scans conducted, each vulnerability found, vulnerability explanations, HTTP requests and responses, reproducible scripts and code samples, and recommendations on remediation. If the Code Analysis option is chosen as part of the test, specific examples of vulnerabilities in the actual web application source code will also be included.

OWASP Top 10
The Open Web Application Security Project (OWASP) is the industry standard for determining the most critical web application security threats. The OWASP Top 10 is its list of those threats.

WASC Threat Classification Version 2.0
The Threat Classification provided by the Web Application Security Consortium (WASC) organizes and explains threats to the security of a web application. This project is an effort to develop and promote industry standard terminology for describing web security threats.

CWE/SANS Top 25 Most Dangerous Software Errors
The list of most dangerous software errors provided by the SANS Institute is a collection of the most critical and widespread software development errors that can lead to serious vulnerabilities in web applications.

ISO/IEC 27001 Information Security Standard
ISO 27001 is a specification for Information Security Management Systems (ISMS) published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This standard was established to provide a model for implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS.

NIST SP 800-53 Revision 4
This is a Special Publication (SP) from the National Institute of Standards and Technology (NIST). The purpose of this publication is to outline Security and Privacy Controls for Federal Information Systems and Organizations.

DISA STIG
The Defense Information Systems Agency (DISA) publishes Security Technical Implementation Guides (STIG) to provide security guidance throughout the web application development lifecycle. The STIG provides detailed guidelines for the development, integration, and updating of secure applications.