Through discussions with the client, we decided that a grey-box penetration test was the most appropriate approach to align with the client's budget and cybersecurity roadmap. This engagement spanned three days and aimed to uncover critical security issues that could impact the application's login page and authentication flow.
The client provided Secure Impact with a dedicated testing environment, alongside user accounts. No walk-through of the application was required as our team were already familiar with the platform from previous engagements.
Secure communication channels were established between Secure Impact and the client to facilitate ongoing discussions, raise urgent security findings, and provide direct contact with our consultants and developers. This communication framework ensured that our team thoroughly understood the application they were testing, and that the client was kept informed about our testing activity, live.
During the engagement, our team discovered multiple vulnerabilities, several of which would not have been located without credentials to the content creation platform, emphasising the increased coverage this style of assessment brings.
The final penetration test report encompassed detailed findings, executive summaries for senior stakeholders, and an overall evaluation of the security status of the content creation platform. The client expressed immense satisfaction with the report's thoroughness and the actionable results it provided. They were able to remediate these issues utilising the advice provided and enhance the security of their widely used web application, ultimately protecting their customers and their business.
If you have any questions about this case study, please contact our offensive team.