Request a Quote
Vulnerability Assessment
Contact Information
Name of contact person
Email address of contact person
Phone number of contact person
For the section below, please provide only the relevant data. On the tab, you can choose from Web application, Mobile application, or Source code.
Web Application
Mobile Application
Source Code
Information for the certification
What is the name of the application?
For what purpose is the assessment needed (internal policy, legal obligation, etc.)?
What does the application do?
What platform was the application built on?
How is the application structured? Please describe in detail (framework, programming languages, devices, libraries, web server type and version, database server type and version, etc.)
Is the application public, can it be accessed online?
If the application is not public, will remote access be provided during the assessment?
Yes
No
In what environment can the assessment be performed? Is it a test, live or operational environment?
Test
Live
What are the IP addresses and domain names of the servers assessed?
Are there any known weaknesses of the web interface? (for example, it is unable to handle repeated registrations, etc.)
What activities does the web interface perform? Please list the most important ones (for example, login, registration, file management, correspondence, etc.)
Is the web page operated by an external service provider or an internal source? If there is an external service provider, please indicate the service provider’s name.
What does the assessment cover? (for example, full inquiry, XXX/library only, etc.)
What should be left out of the assessment (if any)? (for example, payment inquiry, etc.)
Is it necessary to log in to the application? If yes, how is it done? Please indicate all options (for example, by user name and password, Google Authenticator, Facebook account)
What privileges are on the interface and which one of these should be examined? (for example, visitor privileges, free registration privileges, editor privileges, superadmin privileges)
How many input monitors are assigned to each specific privilege?
How many static/dynamic pages does the application contain that have no input?
Does the application have a load balancing service? If yes, please describe in detail
Is the application protected by firewall? If yes, please describe in detail
Do the application and the service facilities have a shared component (for example, the database server is used by other companies as well)? If yes, please describe in detail
Please describe in detail the intrusion detection / intrusion protection or web application firewall software used, if any:
Will the source code be available during the assessment of the application?
Yes
No
Can we receive a test user account to evaluate the complexity of the application?
Yes
No
Can the assessment be performed remotely, or are we to visit some premises?
Remotely
On premise
Is there a deadline applicable to the assessment?
In what time span can the assessment be performed? (for example, any time of the day, night time only, only in regular work hours, 10:00–18:00 CET, etc.)
Mobile Application Vulnerability Assessment
What is the mobile application’s name?
For what purpose is the assessment needed (internal policy, legal obligation, etc.)?
What does the application do?
What platform was the API built on?
What type of application is it? (for example, hybrid, native, webview)
How is the mobile application structured? Please describe in detail (framework, programming languages, devices, libraries, web server type and version, database server type and version, etc.)
In what environment can the assessment be performed? Is it a test, live or operational environment?
Test
Live
In the case of a test environment, how are test versions distributed? (for example, TestFlight, HockeyApp)
In the case of a live environment, please specify how the applications can be accessed in application stores.
What activities does the application interface perform? Please list the most important ones (for example, login, registration, file management, correspondence, etc.)
Is the application developed by an external service provider or an internal source? If there is an external service provider, please indicate the service provider’s name.
Should the server API or webview be examined?
Yes
No
What does the assessment cover? (for example, full inquiry, XXX function only, etc.)
What should be left out of the assessment (if any)? (for example, registration inquiry, etc.)
What privileges are in the application and which one of these should be examined? (for example, user privileges, editor privileges, superadmin privileges)
How many input monitors are assigned to each specific privilege?
How many static/dynamic pages does the application contain that have no input?
Will the source code be available during the assessment of the application?
Yes
No
Can we receive a test user account to evaluate the complexity of the application?
Yes
No
Please list the individually developed modules of the application (for example, unique encryption algorithm, specific security solution)
Is there a deadline applicable to the assessment?
Source Code Analysis
What is the name of the software?
For what purpose is the assessment needed (internal policy, legal obligation, etc.)?
In what languages was the source code written? Please list all (for example, Java, PHP, ASP, etc.).
How many lines does the source code contain without external libraries?
For what purpose is the source code analysis conducted? (for example, backdoor search, identifying common errors, legibility testing, etc.)
Can the source code received be used to regenerate the software?
Yes
No
If the software is a web service written in a scripting language, can a test environment be provided?
Yes
No
Is there a deadline applicable to the assessment?
Would you be interested in our other services in the future?
NIS2 Cybersecurity Audit
ESG Reports
ISO/IEC 27001 Information Security Management System certification
Integrity audit of electronic information systems
Auditing of electronic information systems performing IT security functions
Security of industrial systems
Certification of systems used for making electronic copies of paper-based documents
Trust services under Regulation (EU) No 910/2014 (eIDAS)
Software and applications for digital archiving
Electronic signature products
Electronic signature systems
WLA-SCS:2020 Certification
Cybersecurity Certification of Info., Comm.
Gambling Operations
Other services not listed above
How did you hear about us?
VantaSec website
SZTFH website
NAH website
VantaSec LinkedIn
Professional article/event
Which professional article/event? (optional)
Professional contact
Other
If other, from where? (optional)
I have read and accept the Terms and Conditions.
I have read and accept the Privacy Policy.
Thank you!
Your quote request has been submitted successfully. Our colleagues will contact you shortly.
Something is not right. Please check that you have filled in all required fields!