Penetration testing and security audit of a web application
Overview
Industry: Software and IT services
Location: Poland
Technology Used
AppServices
Azure
PTES
Client background
One of the leading Polish software and IT services companies, with branches worldwide.
Project overview
Our team was asked to conduct a security audit and enhance web application security, collaborating closely with the project team to ensure the solution architecture was robust and resilient against potential threats. The main objective was to guarantee that the system we developed followed the highest security standards and to mitigate any possible threats or vulnerabilities. To achieve this, we conducted penetration tests using the “white box” technique, concentrating on the OWASP Application Security Verification Standard (ASVS) to verify the system’s resilience against typical web application security risks. The project’s scope included verifying typical vulnerabilities listed in the OWASP Top 10 (Top 10 Web Application Security Risks) using dedicated tools and manual tests, attempting to enumerate users and URLs using Burp Suite, conducting web application testing with OWASP ZAP, verifying vulnerabilities using the Metasploit Framework, and verifying the authentication mechanism. Additionally, the configuration of servers and infrastructure elements was assessed against CIS Benchmarks documents, with necessary corrections implemented to enhance the security posture.
Results
Enhanced authentication security
A thorough audit resulted in the implementation of additional security measures
Improved infrastructure security
Server configurations and infrastructure elements were aligned with industry best practices outlined in CIS Benchmarks
Eliminating vulnerabilities
Subsequent tests conducted after implementing changes confirmed the resolution of identified vulnerabilities