Trustwave is to extend its security services to include application penetration testing.

The company, which specialises in payment card industry (PCI) compliance, already offers services like secure email and forensics. It also offers more covert services like electronic surveillance and the investigation of industrial espionage.

Trustwave's application pen-testing services are aimed to highlight exploitable vulnerabilities in corporate web-based apps. Tests include logic flaws, input validation, buffer overflow, cross-site scripting, URL manipulation and SQL injection, the company said.

Trustwave also plans a service in which it will work with internal developers to improve the development process. It will additionally conduct inspections of application source code.

The services will be led from the company's SpiderLabs security teams in Chicago and London.