Penetration testing of a web service

PENETRATION TESTING OF A WEB SERVICE*

Chilean technological company

Challenge

The customer is a well-known Chilean technological company providing system integration solutions to support logistics processes of 100+ companies from different sectors.

The customer requested an “ethical hacking” external penetration test of its critical web application using a “black box” methodology, in order to address vulnerabilities in applications and make the web environment more secure.

Solution

The GDC Services team performed a vulnerability analysis of URLs at the network and platform level and successfully carried out the requested penetration test.

1. The OWASP Application Security Verification Standard was chosen as the main framework. It contains security requirements, and OWASP maintains a list of the 10 most dangerous web application security holes, along with the most effective methods to address them.

2. Experts performed:

  • reconnaissance (port scanning, open-source intelligence);
  • vulnerability analysis (identification of assets and threats; discovery of the security breaches);
  • exploitation (web application attacks);
  • post exploitation (privilege escalation, collecting system info).

Results

In just a month, the GDC Services team provided the following deliverables:
  • Prevention of unauthorized access and privilege escalation. One High vulnerability was identified.
  • Prevention of exposure of data or unintended code execution. Three Medium and three Low vulnerabilities were identified.
  • A detailed report with mitigations for eliminating all vulnerabilities, according to GDC’s recommendations.
  • The Company identified its ability to detect an attack and react appropriately.
* The joint project with Softline