With firms expanding at a fast pace and cyberattacks becoming increasingly sophisticated, multi-billion-dollar enterprises are at serious risk. One such firm, with an aggressive business model, sought to expand its network without compromising cybersecurity and other business operations. Ebryx catered to those needs where other service providers could not.
Being a vertically-integrated media company, it had over 50 brand acquisitions with millions of subscribers generating billions of dollars in revenue. The firm’s portfolio includes major brands in technology, entertainment, commerce, health and cybersecurity.
Initially, the company attempted to utilize in-house resources, which proved insufficient due to a lack of necessary cybersecurity competencies.
The company required a system that could fit the scale of the firms they would acquire, rather than handle the current environment. They also needed a long-term strategy to allow for organizational growth and all it entailed.To keep things moving forward, the company sought external assistance.
The organization was searching for a vast talent pool because the initiative was meant to evolve in an agile manner. The company also needed to undertake penetration testing to test its security posture against realistic threats.
Ebryx is capable of simulating real-world attacks. With us, the client had easy access to a trained pool of prescreened pen testers. Ebryx’s security testing includes rigorous internal and external penetration tests under the Vulnerability Assessment and Penetration Test (VAPT) framework. We use advanced methods to uncover critical vulnerabilities in addition to Black and Gray Box pen testing.
We reduced their time-to-market by allocating resources diligently. Ebryx leveraged its global team of penetration testing experts throughout North American and European regions to build a full-time, committed team of seasoned pen testers to execute the client’s portfolio of projects.
Our pen testers conducted security assessments for web applications, APIs, external infrastructure, and mobile applications to point critical vulnerabilities. We used a testing approach that aims to find vulnerabilities and to quantify the impact of exploitation on the operational processes.
We identified the publicly accessible .git directory on multiple applications. Through this, our team discovered a potential source code disclosure along with other configurations. If not fixed, attackers could get their hands on web applications’ server-side source code. This may contain sensitive data such as database connection strings, usernames, and passwords, as well as the application’s technical and business logic.
Our team developed further attacks by investigating the source code for input validation errors and logic vulnerabilities. Following this, Ebryx worked to secure the environment from all the possible vulnerabilities and educated the company’s cybersecurity best practices.
Our pen testers were able to protect customers’ Personally Identifiable Information (PII) by identifying 100+ critical and 150+ high severity vulnerabilities. These were related to authorization, business logic flaws and server-side misconfigurations. Another 300+ vulnerabilities related to external network were also discovered.
We were able to acquire remote code execution by exploiting web and mobile APIs, which the client promptly corrected, improving the infrastructure security.
In the end, Ebryx was able to provide a long-term solution for the company’s aggressive acquisition model, ensuring that the environment was not compromised. Ebryx saved the client millions of dollars in consulting fees, travel costs, and enterprise project management. By providing valuable security assessment services on time, Ebryx secured the company’s confidence and a long-term association.
We place a great deal of emphasis on manual testing in our mobile and web penetration testing projects. Explore our Penetration Testing Services to learn more about our penetration testing process and methodology.