Overview

PenTest and Vulnerability Assessment on critical network assets, points and devices.

Challenge

A company with a significantly large customer base and thousands of employees, with a large database of sensitive data (including financial information) is an appealing target for intruders.

To ensure that the existing security measures are effective enough to protect all the assets from unauthorized access, the Customer decided to evaluate the security level of network assets, systems and their public web applications; identify possible vulnerabilities and propose remedial actions with timeline.

Solution

A team of 5 penetration testers was commissioned for this project. Penetration Testing & Vulnerability Assessment was conducted in 2 phases:

• Testing of the public web applications. 25 web apps were selected for this test. Business website, subscribers’ web portals and internal applications for employees.

• Testing of the network perimeter. 5 targets, 3000 IPs were selected for this including domain name servers (DNS), mail servers, firewalls, IPS etc.

Results

A technical description of the detected system vulnerabilities with
associated severity level based on business impact was shared with the client. Also, actionable recommendations to eliminate the revealed security issues, as well as strategic measures to secure the company’s resources were also included.

Upon receiving the report the customer resumed implementing the recommendations and eliminating the detected issues. The penetration testing helped evaluate the readiness of the company to recognize an attack and take prompt security measures to eliminate the possible negative impacts.