Cybersecurity Penetration Testing for Better Security Assurance
Ratiodata
Ratiodata is a leading provider in the IT market in Germany with a proven track record with large enterprises and financial institutions.
Industry: Finance
Service: Cybersecurity
Company Size: 1.500+ employees
Duration: 2022 - Ongoing
We have used Accesa's pentesting services for several of our newly developed applications. It was important to us to have this checked by an external company. The team independently put together a large set of test cases, processed them and also supported us in resolving the findings. For us, the tests and the final report with the solved criteria were good support for documentation and primarily to ensure the optimal security of our applications. Thanks for the good work!
Frank Holtgrefe | Organisation Senior Process & Project Manager
The client was confronted with an array of cybersecurity threats, making it harder to maintain a defensible security perimeter. They lacked specific competencies and specialised tools to perform Penetration Testing (Pentesting) activities and were required to provide robust security assurances to potential and existing customers in a highly regulated market.
We offered our client Pentesting as a Service using Accesa's dedicated tools and technologies. Our specialists provided guided oversight throughout the entire process — from initial threat modelling and vulnerability identification to the execution of penetration tests and the subsequent analysis of results, identifying a total of 38 vulnerabilities.
We improved the security of the two tested applications and raised awareness in the company about the need for regular Pentesting activities. The project ensured conformity with the customer's internal RISK department's protocols, which enabled them to deliver their Identity Provider services and connected administration interface to customers with improved security assurance.
Project Overview
The company contracted us to perform Penetration Testing of their Identity Provider authentication solution. Our testing process is both application and programming language agnostic, allowing our testers to accurately plan the duration and resources of any testing activity.
The project started with a discovery phase, in which we focused on gathering all necessary information to establish the testing scope and obtain the required application access. We communicated closely with stakeholders to determine what assets were in scope for the pentest and clarify the necessary application permissions.
Next was the design phase, which covered workload and time estimations, collaboration to prepare a suitable environment for running the pentests, and formalising the project's details. We extended the initial scope regarding the IDP authentication website to also include the administrative part of the Identity Provider solution.
Next came the development phase. Our team simulated security attacks on the testing assets in scope using different techniques like scanning & reconnaissance, gaining system access, persistent access and many others. Throughout this phase, we kept close contact with the client's development team and reported any critical security vulnerabilities that required immediate resolution. At the end of this phase, we successfully delivered the complete vulnerability reports for the two applications in scope.
Finally, we had the delivery phase in which our experts presented the complete vulnerability reports for the two applications in scope to the client's development team. We also clarified the aspects presented in the reports and consulted the client on the best approach to remediate the vulnerabilities.
After the development teams addressed the vulnerabilities and provided the necessary fixes, the organisation asked us to retest to ensure the issues were resolved. The verification was very efficient as we already had the necessary scripts to validate the fixes almost automatically.
Results
After we performed the penetration tests on the two applications, we found a total of 38 security vulnerabilities: 11 for the Identity Provider platform and 27 for the administrative component, where the scope was larger. The reports also included issue details and severity rankings, demonstrations, reproduction steps and the necessary scripts and remediation proposals for each reported vulnerability.
In total, 5 high-severity vulnerabilities needed immediate resolution, and we reported them promptly to ensure the appropriate steps were taken.
We formulated actionable remediation strategies, ensuring that each identified security gap would be methodically addressed and closed. Our testing and support ensured conformity with the client's internal RISK department's protocols, which enabled them to deliver their Identity Provider and administration services to customers with improved security assurance.