All-Around Security Testing for Electromagnetics R&D Company

Industry
Science

About Our Customer

The Customer is an R&D company with 35 years of experience in innovating electromagnetic and acoustic solutions for military and commercial applications.

Security Testing to Uphold Cyber Protection

The Customer was looking for comprehensive security testing for its application and large-scale network. Trusting our 21 years in cybersecurity, the company turned to ScienceSoft.

500 IPs, a Web App, and 50 Emails Tested in 7 Days

Black box and gray box penetration testing

ScienceSoft's experts performed penetration testing following the PTES, OWASP Web Security Testing Guide, and NIST 800-115 methodologies and classified the discovered issues according to the OWASP Top 10 and NIST CVSS standards.

The project started with external testing of the Customer's public app and network comprising 5 IP addresses. ScienceSoft's pentesters performed vulnerability assessment using a combination of automated scanning and a manual approach to ensure wide coverage with zero false positives. Next, during black box pentesting, they attempted to exploit the found vulnerabilities to evaluate their potential impact. As a result, our experts revealed two low-severity issues in the Customer's web app:

  • Missing HTTP security headers that protect against man-in-the-middle (MitM), clickjacking, cross-site scripting (XSS), and other common attacks.
  • Outdated and vulnerable versions of NGINX products, jQuery, Bootstrap and other software that posed the risk of memory disclosure, untrusted code execution, and XSS.

The next stage was internal pentesting of the Customer's private network of 495 IP addresses. ScienceSoft's team followed the gray box approach to imitate the actions of an attacker who gained user access to the targets. As a result, the pentesters revealed 4 low-severity issues:

  • Outdated and vulnerable versions of OpenSSH, MySQL, Apache HTTP Server, and other software posing the risk of attacks like denial of service (DoS) and request smuggling.
  • Insecure protocol versions TLS 1.0 and TLS 1.1 supported by several remote services that could allow information disclosure.
  • Access to the FTP server without credentials that could be used to fetch potentially sensitive data or facilitate a DoS attack.
  • Weak cryptography that posed the risk of MitM attacks against SSH and TLS connections and subsequent sensitive data leakage (e.g., session key, session messages, and HTTPS cookies).

The pentesting confirmed the high security level of the Customer's web application and networks and revealed only a few non-critical vulnerabilities. To address the weaknesses and further enhance the Customer's cyber defense, our experts suggested corrective measures, including:

  • Configuring the missing security headers, such as Strict-Transport-Security and Content Security Policy.
  • Updating the obsolete and vulnerable software to its latest version and hiding the software versions.
  • Implementing brute force protection (e.g., adding CAPTCHA, limiting failed login attempts).
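
As an added illustration (not code from the engagement or from ScienceSoft), the sketch below shows how the header and version-hiding fixes can be verified from a captured response. The two sample responses are constructed, and the extra headers beyond Strict-Transport-Security and Content Security Policy, as well as the 180-day max-age floor, are assumptions.

```python
"""Audit HTTP response headers for the two web-app findings described above."""
import re

# Headers checked, mapped to the attack class they mitigate.
# X-Frame-Options and X-Content-Type-Options are assumptions: the page names
# only Strict-Transport-Security and Content Security Policy explicitly.
REQUIRED = {
    "strict-transport-security": "MitM (protocol downgrade)",
    "content-security-policy": "XSS",
    "x-frame-options": "clickjacking",
    "x-content-type-options": "MIME sniffing",
}
VERSION_RE = re.compile(r"/\d+(\.\d+)+")  # e.g. "nginx/1.2.3"


def audit_headers(headers):
    """Return a sorted list of (header, issue) findings for one response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    for name, risk in REQUIRED.items():
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue  # CSP frame-ancestors supersedes X-Frame-Options
        if name not in h:
            findings.append((name, f"missing: no protection against {risk}"))
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < 15552000:  # assumed floor: 180 days
            findings.append(("strict-transport-security", "max-age too short"))
    for name in ("server", "x-powered-by"):
        if VERSION_RE.search(h.get(name, "")):
            findings.append((name, f"discloses version: {h[name]}"))
    return sorted(findings)


# Constructed sample responses (not taken from the engagement).
BEFORE = {"Server": "nginx/1.0.0", "Content-Type": "text/html"}
AFTER = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(resp))
```

Running the same check against the response before and after remediation gives a repeatable retest record for these two findings.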

After the Customer applied the fixes, ScienceSoft retested the app and validated the successful remediation.

Social engineering testing

Based on the publicly available information about the company, ScienceSoft's pentesters prepared and ran several phishing attack scenarios against 50 corporate email addresses. They sent emails with "malicious" URLs (showing if the user followed the link), executable files (showing whether the user downloaded and installed them), and fake invitations and forms. However, the Customer's employees followed the safety precautions and ignored the phishing emails.

Confidence in Heightened Security and Employee Vigilance

The black and gray box penetration testing of 500 IPs and a web app confirmed the efficiency of the Customer's security controls and provided insights into further security enhancements. The social engineering simulation against 50 emails proved the employees' high cybersecurity awareness.

Thanks to the optimal blend of manual and automated testing, ScienceSoft's team completed vulnerability assessment, pentesting, and social engineering testing in just seven days. The detailed recommendations allowed the Customer to quickly remediate the discovered non-critical vulnerabilities and gain full confidence in its application and network cyber resilience.

Technologies and Tools

Nessus, Acunetix, Burp Suite, Nmap, SSLScan, DirB, CrackMapExec, smbclient, SSHscan, ldapsearch, NBTscan, rpcclient, SMBMap, PHP, Bash, Python, PowerShell.
