Penetration test for multinational technology company
November 1, 2023
In this case study, we examine a multinational technology company that approached our team of security experts to perform a closed-box penetration test against their complex web application. The client, having previously received annual penetration tests from an external PTaaS (Penetration Testing as a Service) provider, expressed concerns about the quality of findings and their relevance to driving actual security improvement. The focus was on identifying vulnerabilities that had real-world significance, rather than low-impact findings.

Background

Collaboratively, we determined that a closed-box penetration test was the most appropriate approach to align with the client's cyber security roadmap. This engagement spanned four weeks and aimed to uncover critical security issues that could impact the application's users and the organisation as a whole.

Challenges

The client provided our team with a dedicated testing environment, user and admin account credentials, API documentation, and walkthroughs of the application. This deep dive into the application's functionality allowed our consultants to understand user journeys, logical processes, and the application's normal behaviour. This foundation provided valuable context before embarking on the offensive aspects of the penetration test.

Secure communication channels were established with our client to facilitate ongoing discussions, urgent security findings, and direct contact with our consultants and developers. This communication framework ensured that our team thoroughly comprehended the application they were testing.

Outcome

In the initial days of the penetration test, our consultants quickly identified critical security weaknesses that led to the penetration of the organisation's internal cloud network perimeter. These vulnerabilities, previously undetected in prior tests, had potentially existed in the codebase for an extended period. This early discovery underscored the importance of a comprehensive, closed-box penetration test.

As the test progressed, several more critical and high-severity vulnerabilities were uncovered, each with the potential to significantly impact the client's business. To ensure the client was well-informed, our team provided live demonstrations of these vulnerabilities, along with ongoing threads for each identified security issue. This proactive approach allowed the client to begin addressing these issues before the formal penetration test report was even delivered.

The final penetration test report included detailed findings, executive summaries, and an overall assessment of the security status of the web application. The client expressed overwhelming satisfaction with the report's thoroughness and the actionable results it provided. By taking a proactive approach to security, the client was able to address these issues and enhance the security of their globally-used web application, ultimately protecting their customers and their business.

If you have any questions about this case study, please contact our offensive team.
