Web Vulnerabilities · Pentest

When you get hacked, you find out when your site stops loading.

Web vulnerability analysis, OWASP Top 10 scanning, and configuration review, to detect weaknesses before an attacker does.

Who it's for

  • E-commerce and companies handling sensitive customer data (emails, IDs, payment, medical).
  • Businesses wanting to act pre-incident, not post-incident, and reduce risk before a real attack.
  • Companies needing an audit for tenders or certifications (ISO 27001, PCI-DSS) that require external analysis.
  • Companies that just suffered an attack and need a post-incident review so it does not happen again.

Who it's NOT for

  • Anyone needing to recover already-stolen data. That is incident response, not preventive analysis. We refer you.
  • Anyone in security red status on the verge of collapse. First stabilize basics, then audit.
  • Anyone needing internal network pentest or on-premise audit. We focus on public web assets.

What's included

01 · Reconnaissance

Surface Mapping

Identification of all public web assets: subdomains, endpoints, exposed APIs, admin panels. The information an attacker would gather first.

02 · Scanning

OWASP Top 10 and Known CVEs

Automated scanning + manual review of: SQL injection, XSS, weak authentication, data exposure, insecure configuration, dependencies with known vulnerabilities.

03 · Configuration

Headers, TLS, and Hardening

Review of security headers (CSP, HSTS, X-Frame-Options), TLS configuration, permissive CORS, version exposure, and indexed sensitive files.

04 · Report

Findings and Remediation

Executive + technical report with findings prioritized by severity (critical/high/medium/low), evidence, potential impact, and specific remediation steps.

How we work

01 · Scope and authorization

Meeting to define analysis scope, included domains, and time window. Formal authorization is signed: no written authorization, nothing runs.

02 · Analysis and report

Execution within the agreed window. No impact on site availability. Full report delivered in 7 to 14 days depending on scope.

03 · Remediation and re-test

Optional support to fix findings (with your team or ours). Free re-test 30 days later to validate that the corrections worked.

Frequently asked questions

Is this legal? Do I need permission?

Yes, fully legal, provided there is written authorization from the system owner (you). Without signed formal authorization, we do not run anything. Non-negotiable.

Can you take down my site during the analysis?

Our analysis is non-invasive by default: no DoS, no destructive exploits. A deeper active pentest is agreed separately, with a specific window and a verified backup.

How much does a vulnerability analysis cost?

Depends on scope: number of domains, APIs, depth of pentest, manual review time. There is no realistic range without first understanding what you want to protect. We give a concrete figure after defining scope in an initial meeting.

Do you guarantee I will not be hacked afterwards?

No, nobody can. We do guarantee having reviewed what was known at the time of the analysis. Security is continuous: new vulnerabilities emerge monthly.

Do you only work with OWASP Top 10?

OWASP Top 10 is the base, but we cover more: ASVS, CWE Top 25, stack-specific CVEs, server configuration, headers. Not just running a script.

Can you audit my mobile app too?

Mobile apps are a different scope (binaries, local storage, backend communication). We quote them separately because the methodology differs.

Rintegg IT Diagnosis
