Penetration testing. Case Studies
If we are able to automate security and testing tooling, we can incorporate it at every stage of the agile cycle, and improve outcomes for security, test and the development teams.
talk to an expertCase studies of our team’s past projects provide an insight into our services and are an example of how our experience may be relevant to your case.
When it comes to quality and security, people are your strongest asset — ours too. We are proud of our team and what we do and have decided to partially share our past projects and cases to provide our customers with a behind-the-scenes look at our process and our past experience. We made sure all cases are anonymous and do not disclose any confidential information, but still provide valuable insight.
Case study: Social engineering
Social engineering: it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise infrastructure.
Case study: Payment processing API penetration testing
Penetration test: complete compromise of the transaction processing API, which allowed to initiate unsolicited payments on behalf of other registered customers.
Case study: Web application compromise
This case is a very good example why manual penetration tests are valuable – the team achieved compromise without administrator access to the application, not using any known exploits or discovering injection/deserialization/other RCE flaws. The…
Case study: Internal adversary simulation
The adversary simulation activity allowed the security team to demonstrate a complete compromise path while not using any usual, “exploitable” vulnerabilities. Instead, the attackers relied on human factor, weak password policies and password reuse, service…
