ING, a global bank and our customer, approached us when looking for a trusted vendor of penetration testing services. Andersen's goal was to provide QA coverage for financial Blockchain-based software.
Performing penetration testing of the customer's web platform, infrastructure (including Wi-Fi networks), as well as code analysis for vulnerabilities.
THC Hydra, SQLmap
The project is based on blockchain technology and has quite a lot of API integrations. The infrastructure is distributed between several countries. Also, the customer didn't have a test environment - the application was tested in a productive environment, agreeing on test times (when a load is the lowest) and using techniques that could cause a service crash or decrease in performance.
Penetration testing revealed quite serious problems with arbitrary API calls without authorization, insecure account password changes, and insecure Docker infrastructure.
Nachdem wir Ihre Anforderungen analysiert haben, meldet ein Experte bei Ihnen;
Bei Bedarf unterzeichnen wir ein NDA, um den höchsten Datenschutz sicherzustellen;
Wir legen ein umfassendes Projektangebot mit Schätzungen, Fristen, CVs usw. vor.
Kunden, die uns vertrauen: