Pentest y Escenarios Especiales Gran Empresa de Marketing Digital
The client hired us to make the annual penetration testing of his platform, after being convinced of the quality of our technicians in manual pentesting.
The project had 2 parts: the first one was the classic pentest of the platform which took 14 days, and the second part was building special scenarios to test the security infrastructure, which took another 14 days. The classic pentest was rewarded with 20 vulnerabilities and the special scenarios attained their goal of making the platform unstable and vulnerable. From a technical perspective, the most critical vulnerabilities we've identified were two Server-side Request Forgery vulnerabilities, which allowed us to gain access to unprotected internal infrastructure and sensitive information. We've also identified several Cross-site Scripting vulnerabilities, which we could leverage for session hijacking. There was not a test platform designed for this test thus Cyber Dacians had to take extra care in not damaging the infrastructure in any sort and affecting the customers.
The client was very happy with the outcome and we offered retesting after his technical team solved the issues. The communication was kept on Slack and their CISO was constantly updated to the findings.
Nuestra red global de CyberOficinas: