We are a software company that have a web app that we need to have some PEN tests carried out on. This is a web only system and we need software testing not server security.
We want to arrange an independent test to see if the web software system security is good, bad, or ugly and find weaknesses and vulnerabilities.
We can give login name and passwords so that tests can be carried out while logged in and also not logged in.
The software is written using ASP.net, some Java, uses a SQL backend and Devexpress.