Web Application Penetration Testing is a NourNet cybersecurity services offering that provides security testing of web applications to identify exploitable vulnerabilities such as OWASP Top 10 risks. The service is delivered using the commercial model “One-Time” and measured by “Application / Test”. It can be combined with relevant NourNet cloud, connectivity, cybersecurity, data-center, managed and professional services to form an end-to-end solution. Final sizing, architecture, price, service levels and responsibilities are confirmed through the approved quotation and service schedule.
Web Application Penetration Testing
Contact Sales
Security testing of web applications to identify exploitable vulnerabilities such as OWASP Top 10 risks.
Service Information
- Unit
- Application / Test
- Billing Model
- One-Time
- Minimum Contract
- One-time order or project engagement
- SLA
- 24x7 service desk with severity-based response and escalation targets defined in the service schedule
- Activation Time
- Scheduled based on agreed scope and resource availability
- Region
- Saudi Arabia
- Data Residency
- Saudi Arabia
Key Features
- Security controls delivered and operated by experienced cybersecurity specialists
- Integration with customer infrastructure, cloud and security platforms
- Policy, monitoring, incident and reporting capabilities aligned to the service scope
- Designed to support Saudi regulatory and organizational security requirements
- Protection against common OWASP web-application threats
- Application-layer policy, logging and managed tuning options
- Controlled testing by qualified security professionals
- Prioritized findings, evidence and remediation recommendations
- Description
- Service Details
- Additional information
- Service Scope
- Prerequisites
- Exclusions
- Compliance
Service Details
Web Application Penetration Testing is a NourNet cybersecurity services offering that provides security testing of web applications to identify exploitable vulnerabilities such as OWASP Top 10 risks. The service is delivered using the commercial model “One-Time” and measured by “Application / Test”. It can be combined with relevant NourNet cloud, connectivity, cybersecurity, data-center, managed and professional services to form an end-to-end solution. Final sizing, architecture, price, service levels and responsibilities are confirmed through the approved quotation and service schedule.
| Unit | Application / Test |
|---|---|
| Billing Model | One-Time |
| Source Category | CyberSecurity Services |
| Region | Saudi Arabia |
| Data Residency | Saudi Arabia |
Service Scope
- Technical assessment and onboarding
- Configuration of the contracted security controls or platform
- Monitoring, administration and reporting activities defined in the service schedule
- Incident escalation and vendor coordination where applicable
Prerequisites
- Approved purchase order and final technical/commercial scope
- Authorized customer contacts and timely access to required information
- Completion of security, connectivity and access prerequisites
- Customer approval of the service design and responsibility matrix where applicable
- Asset, user, log-source or data-source inventory as applicable
- Approved security policies, escalation matrix and integration access
Exclusions
- Items not explicitly listed in the contracted scope
- Third-party licenses, subscriptions or hardware unless specifically quoted
- Customer application changes, remediation or data cleansing unless included
- On-site activities, after-hours work or travel unless explicitly included
- Business-owner remediation and application code fixes unless included
- Legal representation or regulatory certification decisions
Compliance
- Designed to support alignment with applicable NCA controls and customer security requirements
- Saudi PDPL and data-residency requirements considered according to the final solution design
