Penetration Testing of a Web App and Public IPs for an AI AdTech Company
About Our Customer
The Customer is an artificial intelligence company that uses the power of machine learning and computer vision to improve targeting and engagement for advertising campaigns. The Customer’s products and services have helped businesses across 20 countries increase their sales and revenue.
First Independent Pentesting
Understanding that unfailing performance and user data safety are crucial for the success of its solutions, the Customer is building a comprehensive security strategy. Among the first steps to address potential risks, the company had planned independent penetration testing of its web application and public IPs. As the Customer’s internal IT team had many questions about pentesting and security best practices, they were looking for cybersecurity experts who could give clear and insightful answers to all their inquiries. Another crucial factor was the vendor’s practical experience with AI and ML technology.
Black Box Pentesting to Address Urgent Security Issues
ScienceSoft’s experts eagerly provided recommendations and explanations to help the Customer’s team understand the penetration testing process and make informed decisions. In particular, our team suggested opting for the black box approach: it would help quickly identify high-risk areas that needed immediate attention.
To simulate a real-world external attack, ScienceSoft's security engineers used open-source tools and intrusion techniques employed by hackers. First, they searched for potential entry points that could be exploited to compromise the web application and public-facing infrastructure components. ScienceSoft's ethical hackers employed mapping tools to identify open ports and services running on those ports and collect information about their versions and configurations. Then, they scanned the targets for known vulnerabilities, such as missing patches or insecure settings. Using a range of techniques (including web crawling, spidering, and fingerprinting), ScienceSoft's testers explored the structure and content of the web application and its underlying technology stack. They also attempted to exploit vulnerabilities to assess the potential damage a skilled attacker could inflict. In addition to automated scans, the team conducted manual tests to uncover more complex security issues and better understand the existing security weaknesses.
The testing revealed several critical security issues that could enable unauthorized access to the Customer’s IT assets. They included:
- Missing access control. While analyzing the web server directory listing, the testers found sensitive information, such as user IDs, names, job titles, emails, and office locations. It was also possible to change this user info without authorization. Cybercriminals could exploit this vulnerability for identity theft, account takeover, and spear-phishing attacks.
- Insecure cryptography. A remote host was using weak 64-bit block ciphers. As a result, an intruder could decrypt sensitive information, e.g., secure HTTPS cookies, which could be used to hijack authenticated sessions.
- Unencrypted transmission of user credentials. An attacker could steal the credentials by intercepting the network traffic.
- Brute-force vulnerability. An unlimited number of unsuccessful login attempts could allow a potential intruder to get hold of user accounts. Knowing a user’s login, hackers could brute-force the password (trying every possible combination of letters, numbers, and symbols until they found the correct one).
Following the pentesting process, ScienceSoft’s team prepared an executive summary with the project highlights. They also compiled a detailed report on the findings and the required corrective measures. To fix the critical security issues, our cybersecurity experts recommended:
- Disabling the directory listing and configuring the web server to restrict access to sensitive information.
- Configuring the web server to disable weak ciphers.
- Ensuring that the web server transmits user credentials only via an encrypted connection (HTTPS).
- Restricting the number of failed authentication attempts.
After the Customer’s team fixed the security issues in the web application and IT infrastructure, ScienceSoft performed another testing round and confirmed that the targeted IT assets now had a high level of security.
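Part of such a retest can be automated as a configuration audit. The following is an added example, not ScienceSoft's or the Customer's code: it assumes an nginx-style web server (the case study does not name the server), and the finding names and both sample configs are constructed for illustration.

```python
import re

# Name parts that mark a 64-bit block cipher in an OpenSSL cipher string
WEAK_PARTS = {"3DES", "DES", "CBC3", "IDEA", "RC2"}

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return the sorted names of the four findings still present in conf."""
    conf = re.sub(r"#.*", "", conf)                      # drop comments
    found = set()
    if re.search(r"\bautoindex\s+on\s*;", conf):
        found.add("directory-listing")
    for m in re.finditer(r"\bssl_ciphers\s+([^;]+);", conf):
        for tok in re.split(r"[:,\s]+", m.group(1).strip("'\" ")):
            # a leading '!' or '-' removes the cipher, so skip those tokens
            if tok and tok[0] not in "!-" and WEAK_PARTS & set(re.split(r"[-+]", tok.upper())):
                found.add("weak-64bit-cipher")
    for body in server_blocks(conf):
        plain = re.search(r"\blisten\s+(?:\S*:)?80\b(?![^;]*\bssl\b)", body)
        if plain and not re.search(r"\breturn\s+30[178]\s+https://", body):
            found.add("http-without-redirect")           # credentials can travel in clear text
    # Request rate limiting is used here as a proxy for limiting failed logins;
    # an application-level lockout would not show up in this file.
    if not re.search(r"\blimit_req\s+zone=", conf):
        found.add("no-login-throttle")
    return sorted(found)

# Constructed sample configs (not the Customer's): before and after remediation.
BEFORE = """
server { listen 80; location /files/ { autoindex on; } location /login { proxy_pass http://127.0.0.1:8000; } }
server { listen 443 ssl; ssl_ciphers HIGH:DES-CBC3-SHA:!aNULL; }
"""
AFTER = """
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
server { listen 80; return 301 https://$host$request_uri; }
server { listen 443 ssl; ssl_ciphers HIGH:!3DES:!aNULL;
         location /login { limit_req zone=login burst=3; proxy_pass http://127.0.0.1:8000; } }
"""
```

Calling `audit(BEFORE)` reports all four findings and `audit(AFTER)` reports none; a static check like this complements, but does not replace, probing the live server.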
Prompt Security Upgrade
Thanks to the pentests performed by ScienceSoft, the Customer got practical evidence of how well its web application and public IT infrastructure components could withstand external attacks. A detailed report on the detected cybersecurity issues allowed the Customer’s team to eliminate the weaknesses before they resulted in data breaches, business disruptions, or reputational losses.
Technologies and Tools
Metasploit, Wireshark, Nessus, Burp Suite, Acunetix, Nmap, Zenmap, Hydra