Assessing Potential Vulnerabilities For A Multi-Billion-Dollar Firm


With firms expanding at a fast pace and cyberattacks becoming increasingly sophisticated, multi-billion-dollar enterprises are at serious risk. One such firm, with an aggressive business model, sought to expand its network without compromising cybersecurity and other business operations. Ebryx catered to those needs where other service providers could not.

About the Firm

Being a vertically-integrated media company, it had over 50 brand acquisitions with millions of subscribers generating billions of dollars in revenue. The firm’s portfolio includes major brands in technology, entertainment, commerce, health and cybersecurity.

The Challenge Customer Faced

Initially, the company attempted to utilize in-house resources, which proved insufficient due to a lack of necessary cybersecurity competencies.

The company required a system that could fit the scale of the firms it would acquire, rather than one that only handled the current environment. It also needed a long-term strategy to allow for organizational growth and all it entailed. To keep things moving forward, the company sought external assistance.

The organization was searching for a vast talent pool because the initiative was meant to evolve in an agile manner. The company also needed to undertake penetration testing to test its security posture against realistic threats.

Why Client Chose Ebryx

Ebryx is capable of simulating real-world attacks. With us, the client had easy access to a trained pool of prescreened pen testers. Ebryx’s security testing includes rigorous internal and external penetration tests under the Vulnerability Assessment and Penetration Test (VAPT) framework. We use advanced methods to uncover critical vulnerabilities in addition to Black and Gray Box pen testing.

How Ebryx Responded

We reduced their time-to-market by allocating resources diligently. Ebryx leveraged its global team of penetration testing experts throughout North American and European regions to build a full-time, committed team of seasoned pen testers to execute the client’s portfolio of projects.

Our pen testers conducted security assessments for web applications, APIs, external infrastructure, and mobile applications to pinpoint critical vulnerabilities. We used a testing approach that aims to find vulnerabilities and to quantify the impact of exploitation on the operational processes.

We identified a publicly accessible .git directory on multiple applications. Through this, our team discovered a potential source code disclosure along with other configurations. If not fixed, attackers could get their hands on the web applications’ server-side source code. This may contain sensitive data such as database connection strings, usernames, and passwords, as well as the application’s technical and business logic.
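A pre-deployment check for this class of finding, as an added example that is not Ebryx's or the client's tooling: it walks a directory that is about to be served, flags version-control metadata inside it, and reports remote URLs in the repository config that carry embedded credentials. The function names, the sample directory layout and the placeholder credential are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

VCS_DIRS = {".git", ".svn", ".hg"}
# Remote URL with embedded credentials, e.g. https://user:secret@host/repo.git
CRED_URL = re.compile(r"url\s*=\s*\w+://[^/\s:@]+:[^@/\s]+@")


def audit_web_root(root):
    """Return sorted (relative_path, issue) findings for a directory that will be served."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if name not in VCS_DIRS:
                continue
            vcs = os.path.join(dirpath, name)
            findings.append((os.path.relpath(vcs, root), "VCS metadata inside served directory"))
            cfg = os.path.join(vcs, "config")
            if os.path.isfile(cfg):
                with open(cfg, encoding="utf-8", errors="replace") as fh:
                    if CRED_URL.search(fh.read()):
                        findings.append((os.path.relpath(cfg, root), "credentials in remote URL"))
            dirnames.remove(name)  # no need to descend into the metadata itself
    return sorted(findings)


def build_sample_root(base):
    """Constructed sample: a web root deployed by copying a whole git checkout."""
    root = os.path.join(base, "site")
    os.makedirs(os.path.join(root, ".git"))
    os.makedirs(os.path.join(root, "assets"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>ok</h1>\n")
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/main\n")
    with open(os.path.join(root, ".git", "config"), "w") as fh:
        fh.write('[remote "origin"]\n\turl = https://deploy:PLACEHOLDER@git.example.invalid/site.git\n')
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, issue in audit_web_root(build_sample_root(tmp)):
            print(f"{path}: {issue}")
```

Run as a build or release gate, a non-empty result is a reason to fail the deployment and to rotate any credential the config exposed.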

Our team developed further attacks by investigating the source code for input validation errors and logic vulnerabilities. Following this, Ebryx worked to secure the environment from all the possible vulnerabilities and educated the company on cybersecurity best practices.

The Results

Our pen testers were able to protect customers’ Personally Identifiable Information (PII) by identifying 100+ critical and 150+ high severity vulnerabilities. These were related to authorization, business logic flaws and server-side misconfigurations. Another 300+ vulnerabilities related to the external network were also discovered.

We were able to acquire remote code execution by exploiting web and mobile APIs, which the client promptly corrected, improving the infrastructure security.

In the end, Ebryx was able to provide a long-term solution for the company’s aggressive acquisition model, ensuring that the environment was not compromised. Ebryx saved the client millions of dollars in consulting fees, travel costs, and enterprise project management. By providing valuable security assessment services on time, Ebryx secured the company’s confidence and a long-term association.

We place a great deal of emphasis on manual testing in our mobile and web penetration testing projects. Explore our Penetration Testing Services to learn more about our penetration testing process and methodology.
