Pentesting

Looking for web application penetration testing in Sydney, Brisbane, Melbourne or Australia wide?

We are an experienced team of web application penetration testers. We have successfully completed projects for big and small clients all over the country.



These days 70% of attacks are done via web applications because of their complexity and interactivity. Security flaws can lead to unauthorised access to your networks and systems; application information disclosure; and other critical risks.

We test the applications manually as well as with use of customised automated tools and scripts which make our work more efficient.

Our methodology is based on the following list of checks:

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting(XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

The WellSecurity approach to pentesting is not only based on OWASP (Open Web Application Security Project) but it is extended with our own unique list of tests which contains over 300 checks. The list is updated on a daily basis as new vulnerabilities are found.

We are also experienced at penetration testing web applications and infrastructures for clients in Melbourne, Brisbane and customers all over the country, in order to achieve the PCI DSS Compliance.

Our engineers are passionate (ethical) hackers and enjoy their work which keeps WellSecurity in the forefront of pentesting companies in Sydney and Australia wide.

During the penetration testing we will identify and exploit the vulnerabilities of your web applications.

After the testing we will prepare a well-structured, easy to read report and provide additional explanation as required with a presentation about our findings.

Other companies are performing vulnerability assessments and then claim that they have done penetration testing. Real world attacks are much more varied and not limited to automated scans. Since WellSecurity is familiar with real world attacks and deals with them on a daily basis we are prepared and experienced enough to perform proper penetration tests.

We understand that in some cases the budget for a pentest is limited – contact us and we will find a win-win solution.

Internal/External Penetration Testing

WellSecurity is a well-recognised company for internal and external pentests. We are happy to perform internal testing in the clients offices as well as via VPN.

Internal and external pentests are performed with the same tools and approach – only the way we are accessing your network varies.

Our set of tools includes but is not limited to: metasploit, openvas, nmap, customised exploits, in-office-developed scripts and exploits available on-line.

It is quite common that an exploit needs to be modified in order to make it work in a particular case. This is when our security engineers programming skills are in action.

Internal penetration testing is the type of test where our engineer is sitting inside your network and is looking for vulnerabilities within the Intranet. His main focus is to exploit critical vulnerabilities for production environment servers, firewalls, routers etc.

This kind of testing is performed in order to avoid internal hacks from malicious employees, contractors who have access to your network and to measure the overall security condition of your internal network.

External penetration testing is the type of testing where WellSecurity is trying to exploit your servers, firewalls and other internet facing devices from over the internet.

Once we get access to your network we will keep working and see how much information we can extract during the exploitation process.

Vulnerability assessment

Vulnerability assessment is a pre phase of pentesting. It can be performed as a separate project to pinpoint the vulnerabilities and estimate their severity.

Vulnerability assessment consists of scans and manual vulnerabilities discovery. The main difference between a vulnerability assessment and a pentest is that during the vulnerability assessment we do not attempt to exploit the vulnerability. We are proving that they exist and explain them in the report.

If you have any additional questions or would like to arrange a meeting with one of our security engineers contact us. We offer penetration testing to clients in Brisbane, Melbourne Sydney and Australia wide, and we can help you too.