Security is on everyone’s mind now, more than ever. High-profile cyberattacks and ransomware are now a daily occurrence in our news feeds. While there are tools out there to assist with penetration testing, there are issues that only a security specialist is able to uncover.
A recent example of this was with a Planit customer, a major logistics company, who had performed an internal penetration test using off-the-shelf software and approached Planit to validate their results. The review uncovered that all testing was performed in the UAT environment, which did not have the same high availability configuration as production. This raised a red flag for our experienced consultants, who encouraged the customer to perform additional validation on their production infrastructure.
Critical unauthorised access issue uncovered by penetration testing.
Issue immediately resolved by the delivery team.
During manual testing, a high-severity defect was discovered as a direct result of the high availability configuration. This setup exposed a vulnerability in the authentication mechanism and allowed the Planit security team to manipulate login sessions to gain full control of the website. Had this issue been exploited in production, it would have caused a significant loss of revenue and reputation for our customer.
This issue would not have been detected if the website had simply been tested in a UAT environment, or via automated tools alone. It was the in-depth nature of our penetration testing and our years of experience that enabled us to uncover this potentially critical issue.
Luckily for our client, this issue was discovered before go-live, and they were able to quickly resolve it for retesting, as Planit provided detailed steps to reproduce the vulnerability.
If you have critical applications, Planit strongly recommends that you augment your automated penetration testing tools with experienced security consultants to ensure that you aren’t left vulnerable.