Protecting client’s reputation by removing security vulnerabilities

Industry: Marketing Systems

Services

  • Grey Box Web Application Penetration Testing

Technologies

  • Apache HTTP Server
  • Bootstrap
  • MySQL
  • PHP

Background

Reputation is everything, especially for a well-respected international firm. An application with gaps in its security can not only cause reputational damage but also leak important private data, leading to financial damage and loss of clients’ trust. To avoid that, you need to make sure your product is hack-proof.

Client

The client is an international marketing service firm that provides winning strategies and execution for industry leaders.

Challenge

Client data security and compliance requirements received from a very prominent customer pushed the firm to review its security, conduct application security testing, and build a solid security assurance process to avoid similar issues in the future.

Solution

Based on the client requirements received and a 2-week deadline, the penetration testing team carried out the following:

From the business perspective

  • Evaluated the current level of business and platform security. 
  • Identified gaps in the current cybersecurity posture and checked the IT environment for weaknesses.
  • Provided an accurate evaluation of the security level after the remediation phase. 

From the technical perspective

  • Tested the application with initial access (an unprivileged user profile) from an attacker’s perspective.
  • Detected security issues and gave recommendations on fixing them to protect sensitive data, users’ money and company reputation.

To conduct penetration testing, the following methodologies were used: 

  • Penetration Testing Execution Standard.
  • OWASP Testing Guide.
  • Open-Source Security Testing Methodology Manual.
  • Information Systems Security Assessment Framework.
  • A Web Application Hacker’s Methodology.
  • SANS 25 Security Threats.

 

Testing revealed some low- and medium-priority vulnerabilities, as well as high and critical issues.

A hacking scenario was constructed to see whether a potential attacker could gain full access to the system. As a result, some critical vulnerabilities were found that could potentially lead to access to clients’ data, including credit card information.

At the remediation phase, security engineers worked in close collaboration with the client’s development team to mitigate all found vulnerabilities and apply best security practices.

Result

As a result, the client received a comprehensive report covering all found vulnerabilities and providing recommendations on the best ways to mitigate them.

The firm was able to meet the highest level of compliance and regulation standards and develop better security practices.