Web Application and IT Infrastructure Penetration Testing for a US Food Producer
About Our Customer
The Customer is a large US food producer. This holding company brings together several farms and has over 1,000 employees. Thanks to its agricultural experience and innovative and responsible approach to farming, the Customer delivers high-quality products and ranks among the national leaders in its field.
Complex IT Infrastructure Required Thorough Pentesting
The Customer understands that as a big and prosperous business, it is an attractive target for cybercriminals. Aware of the potential financial losses and business disruptions that a cyberattack may cause, the Customer strives to consistently improve its cyber defense and security management. The in-house IT team regularly uses automated vulnerability scanning tools to detect any security weaknesses in the corporate applications and IT infrastructure.
However, the Customer wanted to involve skilled cybersecurity professionals to manually validate the existing vulnerabilities and determine which of them were likely to be exploited in real-world attacks. The Customer was looking for a competent security services provider who could perform thorough manual penetration testing of its complex IT environment. The testing targets included web applications, the internal network (32 VLANs in different locations), web servers, a Wi-Fi access point, SQL databases, an Active Directory, and public IP addresses and web services.
Gray Box Penetration Testing Revealed Critical Security Flaws
As a cybersecurity vendor with 19 years of experience, ScienceSoft was among the candidates the Customer shortlisted for the project. After the first contact with ScienceSoft's team, the Customer appreciated our comprehensive and to-the-point answers to all inquiries. An impressive list of our partners, including Oracle, AWS, Microsoft, and Salesforce, as well as prominent customers such as Walmart, Nestle, eBay, and NASA, also weighed in ScienceSoft's favor.
Considering the extensive testing scope, ScienceSoft assigned four experienced pentesters to the project. The Customer wanted to investigate what actions potential intruders could undertake and what harm they could inflict in the following cases:
1) When attackers don't have any initial information about the Customer’s web applications and IT infrastructure.
2) When attackers get low-privileged user access.
3) When they get local admin rights.
Therefore, ScienceSoft's team started with black box pentesting of 4 public web services and 30 public IP addresses. Following the tests, they were glad to report that the targets didn't contain any severe vulnerabilities that a potential attacker could exploit.
After that, the team performed gray box testing of 7 web applications, 2,000 internal IPs, an Active Directory, and a Wi-Fi access point. At this stage, our pentesters were provided with user credentials and local admin rights, and the team established that the Customer's apps and IT infrastructure were vulnerable to potential cyberattacks. The most critical findings included:
- A web application leaking sensitive information. ScienceSoft’s pentesters were able to send an unauthenticated request that allowed them to download a .zip archive with confidential information about the app (its compiled code, configuration files with tokens, passwords, and more). In particular, the team found LDAP credentials that enabled unauthorized access to the Customer’s IT infrastructure. To prevent this scenario, ScienceSoft’s team recommended restricting access to sensitive information.
- Unauthenticated access to the VNC server, which could enable a potential attacker to gain remote control of the computers in the network. ScienceSoft’s team urged the Customer to set a strong password for VNC connections.
- Lack of brute-force protection: because the number of login requests was unrestricted, it was easy to launch automated attacks against the web application and retrieve user credentials. ScienceSoft’s security testers recommended adding a CAPTCHA and blocking a user account for a period of time after several failed login attempts.
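The temporary lockout recommended in the last finding can be sketched as follows. This is an added example, not ScienceSoft's or the Customer's code; the class name, the thresholds (3 failures within 60 seconds, 600-second lockout) and the sample events are assumptions.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Temporary per-account lockout after repeated failed logins."""
    def __init__(self, max_failures=3, window=60, lockout=600, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside the window (assumed)
        self.window = window              # seconds over which failures are counted (assumed)
        self.lockout = lockout            # seconds the account stays blocked (assumed)
        self.clock = clock                # injectable so the logic can be tested
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None or self.clock() < until:
            return until is not None      # no lock recorded, or lock still active
        del self._locked_until[account]   # lockout expired: start with a clean slate
        self._failures.pop(account, None)
        return False

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'locked', 'ok' or 'denied'."""
        if self.is_locked(account):
            return "locked"               # refused even if the password is right
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        now = self.clock()
        recent = self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
        return "denied"

def replay(events, **limits):
    """Feed (timestamp, account, password_ok) events through a fresh throttle."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    results = []
    for ts, account, ok in events:
        now[0] = ts
        results.append(throttle.attempt(account, ok))
    return results
# Constructed sample: three quick failures, a correct password during the lockout, then after it.
SAMPLE = [(0, "alice", False), (1, "alice", False), (2, "alice", False),
          (3, "alice", True), (700, "alice", True)]
```

Because the counter is keyed by account name, it is usually combined with the CAPTCHA or per-source rate limiting so that an attacker cannot deliberately lock legitimate users out.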
ScienceSoft’s team delivered a final report describing the detected vulnerabilities, the pentesting methods and tools used, and the necessary corrective measures. They also gave clear answers to the Customer’s specific security concerns. In particular, they provided their conclusions on the possibility of breakout access to production and management VLANs from the main data VLAN or default user VLANs, data leaks from SQL databases and file servers, or unauthorized remote access to the servers.
ScienceSoft’s security experts outlined the optimal next steps to check and improve the protection of the Customer’s IT environment. They recommended conducting white box testing of the web applications as well as social engineering testing to check the employees’ resilience to phishing attacks.
Enhanced Security of Web Applications and IT Infrastructure
Thanks to comprehensive penetration testing performed by ScienceSoft, the Customer received manual validation of the existing security flaws in its IT environment. As a result, the company learned about several critical security loopholes that couldn’t be discovered via automated tools alone. Following ScienceSoft’s remediation guidance, the Customer’s in-house team quickly fixed the critical vulnerabilities and significantly enhanced the company’s cyber defense.
Technologies and Tools
Metasploit, Wireshark, Nessus, Nmap, Masscan, Wifite, Acunetix, SQLmap, SSLscan, Dirb.