Nokia wanted to leverage security engineering expertise to conduct ethical hacking on an application to expose vulnerabilities and security flaws. They wanted to test the strength of the implemented security and update it with help of black box penetration testing to maintain compliance and ensure user trust and business continuity.
It was essential for Nokia to identify where vulnerabilities still lie and expose them to prevent the business from cyber risk. Hence, the scope is determined to test the application against black box penetration testing on the grounds of external, network, and web application pen tests. They needed a team of expert security engineers who could understand the business domain and plan and perform testing with minimum help.
Solution & Outcome
As the scope was defined to perform black-box pen tests, our security engineers left with their skills and expertise to exploit the application with ethical hacking practices and expose security flaws. Right from planning and preparation to fieldwork, we abide by IT security standards and compliance such as OWASP, ISSAF, SANS, and others. We took control over the servers, identified vulnerabilities to the extent of a hacker’s ability to manipulate the system, and prepared the report with step-by-step remediations. We divided security flaws and vulnerabilities into high, medium, and low impact as SQL injection, XSS, XXE, Missing Authorizations, user brute-force, input validations, and many others. Our engineers shared a details penetration test report compiled explicit information, including security risk levels in order of priority and non-technical terms, defining how the risks could affect business continuity. Successive engaged Nokia on a controlled offensive/defensive threat detection challenge that provided them additional days to identify and remediate active threats within their applications for assured security. Our efforts brought upper management awareness of security threats, enabled Nokia to tighten the security posture, and provided them interoperability while ensuring data security and improved compliance.
Burp Suite, Whatweb, Nmap and Dirbuster