Pentesting That Prevented Client Data Theft and Financial Losses
About Our Customer
The Customer is an IT company offering a telemetry analytics and observability platform for managing infrastructures, networks, and applications.
Expertise Is Needed to Reliably Assess Security Posture
The company was looking for an experienced vendor to evaluate the cyber protection of its IT assets and client data. Trusting our 20+ years in cybersecurity, the Customer turned to ScienceSoft.
Black and Gray Box Pentesting of Applications and Networks
After carefully analyzing the Customer’s case, ScienceSoft assembled a team of three penetration testers to examine the external and internal networks and the web application of its telemetry and observability platform. The testing activities were based on the PTES, OWASP Web Security Testing Guide, and NIST SP 800-115 best practices. The identified vulnerabilities were assessed and classified according to the OWASP Top 10, NIST CVSS, and MITRE risk score frameworks.
External pentesting
To verify the Customer’s public-facing web application and network, ScienceSoft’s pentesters applied black box and gray box approaches.
They started with comprehensive research of the targets using open-source intelligence (OSINT) techniques to gather the maximum of publicly available information that hackers could use (e.g., domain names, IP ranges, and exposed sensitive data). Based on the collected intelligence, the team identified potential threats and prioritized possible attack vectors and scenarios.
During vulnerability assessment, our experts scanned the target network and application and manually validated the detected security weaknesses to eliminate false positives.
To exploit the verified vulnerabilities and evaluate their severity, ScienceSoft’s team performed black box pentesting, including input data manipulation and brute-force simulation. Although our testers did not gain unauthorized access to the Customer’s network, some targets had vulnerabilities that a hacker could exploit to access the telemetry platform’s user accounts, functionality, and services, potentially leading to theft of sensitive data (e.g., the platform users’ credentials, personal data, and financial information).
The next stage was gray box pentesting. Having user credentials, ScienceSoft’s team further explored the vulnerabilities by acting as a malicious actor who gained user access to the target web application.
During the external pentesting, ScienceSoft revealed security misconfigurations, as well as brute-force, user enumeration, and cross-site scripting (XSS) vulnerabilities. To seal these gaps, our experts provided remediation advice, including:
- Configuring CORS and Set-Cookie headers to protect sensitive information and user session data. Additionally, this measure would limit the reach of XSS and CSRF attack vectors.
- Enforcing a strong password policy, rate limiting on authentication endpoints, and an account lockout or CAPTCHA mechanism to prevent brute-force attacks.
- Ensuring that responses to authentication requests (e.g., on the Login and Forgot password pages) are identical for existing and non-existent users to mitigate user enumeration attacks. Otherwise, differing HTTP responses would let an attacker tell valid usernames from invalid ones.
- Implementing input validation and sanitization to prevent XSS attacks.
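The four external recommendations above share a small amount of code in practice. The following is an added example written for this page, not ScienceSoft’s or the Customer’s code, using only the Python standard library: a login handler that throttles and locks out per source IP and per account, answers identically for known and unknown usernames (including doing the same password-hashing work for both), a forgot-password handler with one fixed response, a session Set-Cookie value with the Secure, HttpOnly and SameSite attributes, and output escaping for user-controlled text. The user record, salt, thresholds and messages are constructed for the demo.

```python
"""Added example: login-endpoint hardening against brute force, user enumeration,
session-cookie theft and XSS, using only the Python standard library.
Names, user data and thresholds are constructed for this demo."""
import hashlib
import hmac
import html
import time

PBKDF2_ROUNDS = 100_000  # kept low for the demo; production deployments use more


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


# Constructed user store: username -> (salt, PBKDF2 hash). Not real credentials.
_SALT = b"constructed-demo-salt"
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}
# A dummy hash is verified for unknown usernames so that the work (and hence the
# response time) is the same whether or not the account exists.
_DUMMY_HASH = _hash_password("dummy-password", _SALT)

# One message per outcome: neither the status nor the body reveals whether the
# username exists.
GENERIC_FAILURE = (401, "Invalid username or password.")
GENERIC_SUCCESS = (200, "Login successful.")
GENERIC_RESET = (200, "If that account exists, a password reset link has been sent.")
TOO_MANY_ATTEMPTS = (429, "Too many attempts. Try again later.")


class RateLimiter:
    """Counts failed attempts per key (client IP or target username) and locks the
    key out for lockout_s seconds once max_attempts is reached."""

    def __init__(self, max_attempts: int = 5, lockout_s: float = 900.0, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_s = lockout_s
        self.clock = clock  # injectable so tests can freeze time
        self._failures: dict[str, int] = {}
        self._locked_until: dict[str, float] = {}

    def allow(self, key: str) -> bool:
        until = self._locked_until.get(key)
        if until is None:
            return True
        if self.clock() < until:
            return False
        # Lockout expired: forget the old failures.
        del self._locked_until[key]
        self._failures.pop(key, None)
        return True

    def record_failure(self, key: str) -> None:
        count = self._failures.get(key, 0) + 1
        self._failures[key] = count
        if count >= self.max_attempts:
            self._locked_until[key] = self.clock() + self.lockout_s

    def record_success(self, key: str) -> None:
        self._failures.pop(key, None)


def login(username: str, password: str, client_ip: str, limiter: RateLimiter):
    """Returns (status, message). Throttles per source IP and per account before
    doing any credential work, and answers identically for unknown users."""
    if not (limiter.allow(client_ip) and limiter.allow(username)):
        return TOO_MANY_ATTEMPTS
    salt, stored = USERS.get(username, (_SALT, _DUMMY_HASH))
    # Always run PBKDF2 and a constant-time compare, even for unknown usernames.
    digest_matches = hmac.compare_digest(_hash_password(password, salt), stored)
    if not (digest_matches and username in USERS):
        limiter.record_failure(client_ip)
        limiter.record_failure(username)
        return GENERIC_FAILURE
    limiter.record_success(client_ip)
    limiter.record_success(username)
    return GENERIC_SUCCESS


def forgot_password(username: str):
    """Same response whether or not the account exists; the reset e-mail would be
    queued (not shown here) only when it does."""
    return GENERIC_RESET


def session_cookie_header(session_id: str, max_age: int = 3600) -> str:
    """Set-Cookie value for the session: not readable by scripts (HttpOnly), never
    sent over plain HTTP (Secure), not attached to cross-site requests (SameSite)."""
    return f"session={session_id}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Strict"


def render_greeting(display_name: str) -> str:
    """Escape user-controlled text before it lands in HTML (stored/reflected XSS)."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"
```

The limiter keys on both the source address and the target account: throttling only by IP leaves an attacker with many addresses free to hammer one account, while throttling only by account lets one address spray a common password across many accounts. Keying the lockout on the account is what makes the CAPTCHA or lockout step bite at all.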
Internal pentesting
ScienceSoft’s team examined the Customer’s private network (26 IP addresses) using the gray box approach. Our experts revealed poor authentication and identification mechanisms, SSH misconfiguration, and a deprecated network protocol. To fortify the network security, the pentesters recommended corrective actions, such as:
- Implementing role-based access control and a strong password policy for internal services.
- Configuring strong SSH algorithms and removing deprecated cryptographic settings.
- Using TLS 1.2 and TLS 1.3 protocols instead of the deprecated and vulnerable TLS versions 1.0 and 1.1.
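To make the last two internal recommendations concrete, here is an added example, written for this page rather than taken from ScienceSoft or the Customer: a small audit that parses an sshd_config text and reports any deprecated key-exchange, cipher, MAC or host-key algorithms it still offers, plus a TLS server context built with Python’s ssl module that refuses TLS 1.0 and 1.1. The deprecated-algorithm lists follow common SSH hardening guidance and are an assumption (representative, not exhaustive); the two configuration samples are constructed and the parser ignores Match blocks.

```python
"""Added example: check an sshd_config for deprecated algorithms and build a TLS
server context that refuses TLS 1.0/1.1. Standard library only; the sample
configurations below are constructed, not the Customer's."""
import ssl

# Algorithm names that common SSH hardening guides treat as deprecated (SHA-1 key
# exchange, RC4/3DES/CBC ciphers, MD5/SHA-1 MACs, DSA host keys and SHA-1-signed RSA
# host keys, which OpenSSH disables by default since 8.8). Assumption: representative,
# not exhaustive.
DEPRECATED_SSH = {
    "KexAlgorithms": {
        "diffie-hellman-group1-sha1",
        "diffie-hellman-group14-sha1",
        "diffie-hellman-group-exchange-sha1",
    },
    "Ciphers": {"3des-cbc", "arcfour", "arcfour128", "arcfour256",
                "aes128-cbc", "aes192-cbc", "aes256-cbc", "blowfish-cbc", "cast128-cbc"},
    "MACs": {"hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96"},
    "HostKeyAlgorithms": {"ssh-dss", "ssh-rsa"},
}


def parse_sshd_config(text: str) -> dict:
    """Keyword -> value for top-level directives (comments stripped; Match blocks
    are not handled in this demo)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def audit_sshd_config(text: str) -> list:
    """Returns [(directive, [deprecated algorithms offered])] for each directive
    that still offers something on the deprecated list."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, deprecated in DEPRECATED_SSH.items():
        if directive not in settings:
            continue  # server uses its build-time defaults for this directive
        value = settings[directive]
        if value.startswith("-"):
            continue  # a leading '-' removes the listed algorithms from the defaults
        value = value.lstrip("+^")  # '+' appends to, '^' prepends to, the defaults
        offered = [alg.strip() for alg in value.split(",") if alg.strip()]
        weak = [alg for alg in offered if alg in deprecated]
        if weak:
            findings.append((directive, weak))
    return findings


def hardened_tls_context() -> ssl.SSLContext:
    """Server context that negotiates TLS 1.2 or 1.3 only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def allows_legacy_tls(ctx: ssl.SSLContext) -> bool:
    """True if the context would still accept TLS 1.0 or 1.1."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


# Constructed samples: a weak configuration and its hardened counterpart.
WEAK_SSHD_CONFIG = """
# constructed sample, not a real host
Port 22
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256
Ciphers aes128-ctr,3des-cbc,arcfour
MACs hmac-sha2-256,hmac-md5
HostKeyAlgorithms ssh-dss,ssh-ed25519
"""

HARDENED_SSHD_CONFIG = """
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "no deprecated algorithms")
    print("hardened TLS context allows TLS 1.0/1.1:", allows_legacy_tls(hardened_tls_context()))
```

A directive that is absent is deliberately not flagged: on a current OpenSSH build the defaults are sound, and the finding that matters is an explicit list that re-enables a deprecated algorithm. The TLS check reads the context’s own minimum version rather than the OP_NO_TLSv1 option bits, which is the setting the Python ssl module exposes for the floor and the one to verify after a change.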
Severe Business Repercussions Prevented
ScienceSoft’s team analyzed the testing results and drew up a security assessment report detailing the activities conducted, methodologies and tools used, vulnerabilities with their potential impact, and remediation recommendations.
ScienceSoft revealed that the Customer’s application and networks had security issues that could lead to data breaches and financial losses. Our remediation advice helped the company fortify its security posture, which was confirmed during a retest round.
Technologies and Tools
Acunetix, Burp Suite, SSLScan, Nmap, DIRB, Nessus, PHP, Bash, Python, PowerShell.