Penetration Testing of a Network Automation Platform


Industry
Information Technology

Customer

The Customer is a US-based IT product vendor providing network automation. It offers intelligent automation solutions for networks of different sizes and complexity, including cloud networks, to improve their performance and streamline network management.

Challenge

Committed to protecting its clients' data, the Customer puts great effort into staying compliant with SOC 2. As part of meeting the standard's requirements, the Customer undergoes regular penetration testing of its software and IT infrastructure.

For a scheduled checkup of its network automation platform, the Customer was looking for a security testing vendor with broad experience, advanced skills, and knowledge of the latest pentesting tools.

Solution

With 19 years in cybersecurity, a vast security testing portfolio, and Certified Ethical Hackers on board, ScienceSoft won over the other vendors the Customer was considering.

To meet the Customer's time and budget expectations, ScienceSoft's team ran the engagement as a gray-box test: the testers were given the platform's API documentation and a test account that could create new users within the platform. The team planned and conducted the tests according to the OWASP Web Security Testing Guide.

ScienceSoft's Certified Ethical Hackers scanned the web platform for vulnerabilities and worked through the attack paths a malicious actor could use to break through the Customer's defenses. The web platform contained no critical vulnerabilities, which the testers attributed to the Customer's consistent vulnerability management. However, the testers found several issues of medium and low severity that an attacker could use to gain unauthorized access to platform functionality or user data. They included:

  • Missing HTTP security headers that protect against clickjacking, cross-site scripting, and other common attacks.
  • Lack of brute-force protection. Because the number of failed logins was unlimited, an attacker could take over a user's account by systematically trying candidate passwords until one works.
  • Weak password policy that did not enforce the creation of strong passwords.
  • Misconfigured Cache-Control that allowed browsers and proxies to store responses containing sensitive information.

To prevent the exploitation of the discovered security gaps, ScienceSoft's security experts recommended:

  • Implementing HTTP security headers: X-Frame-Options, X-Content-Type-Options, Content-Security-Policy, and others.
  • Limiting the number of failed login attempts per account (for example, a temporary lockout after a set number of failures).
  • Enforcing a strong password policy and adding a second authentication factor.
  • Setting Cache-Control on responses that carry sensitive data (for example, no-store) so that browsers and proxies do not store them.
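The following is an added example of how the header, Cache-Control and brute-force findings above can be checked and remediated in code; it is not ScienceSoft's tooling or the Customer's platform code. The sample response headers and the account name are constructed, and the acceptable values it enforces (DENY/SAMEORIGIN, nosniff, a frame-ancestors or default-src directive, no-store on sensitive responses, a five-failure lockout window) are this example's assumptions rather than settings taken from the report.

```python
"""Added example: audit security headers and throttle failed logins."""
from __future__ import annotations

import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List

# Minimal acceptable values for the headers the report recommends.
# Content-Security-Policy is only sanity-checked for a frame-ancestors or
# default-src directive; a real review reads the whole policy.
REQUIRED_HEADERS: Dict[str, Callable[[str], bool]] = {
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "Content-Security-Policy": lambda v: "frame-ancestors" in v.lower()
    or "default-src" in v.lower(),
    "Strict-Transport-Security": lambda v: "max-age=" in v.lower(),
}


def audit_headers(headers: Dict[str, str], sensitive: bool = True) -> List[str]:
    """Return a list of findings for one HTTP response's headers.

    sensitive=True means the response carries user data, so Cache-Control
    must tell browsers and proxies not to store it (no-store).
    """
    # Header names are case-insensitive, so compare them lower-cased.
    lower = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    for name, acceptable in REQUIRED_HEADERS.items():
        value = lower.get(name.lower())
        if value is None:
            findings.append(f"missing {name}")
        elif not acceptable(value):
            findings.append(f"weak {name}: {value!r}")
    if sensitive:
        raw = lower.get("cache-control", "")
        directives = {d.strip().lower() for d in raw.split(",") if d.strip()}
        if "no-store" not in directives:
            findings.append("Cache-Control allows caching of a sensitive response (no-store missing)")
        if "public" in directives:
            findings.append("Cache-Control marks a sensitive response public")
    return findings


class LoginThrottle:
    """Sliding-window lockout: an account is blocked once it has
    max_failures failed logins within window_seconds. A successful
    login clears the counter. Timestamps are injectable for testing."""

    def __init__(self, max_failures: int = 5, window_seconds: int = 900) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)

    def _prune(self, user: str, now: float) -> None:
        q = self._failures[user]
        while q and now - q[0] > self.window:
            q.popleft()  # drop failures that fell out of the window

    def is_locked(self, user: str, now: float | None = None) -> bool:
        now = time.time() if now is None else now
        self._prune(user, now)
        return len(self._failures[user]) >= self.max_failures

    def record_failure(self, user: str, now: float | None = None) -> None:
        now = time.time() if now is None else now
        self._prune(user, now)
        self._failures[user].append(now)

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)


# Constructed sample headers, not captured from the Customer's platform.
WEAK_RESPONSE = {
    "Content-Type": "application/json",
    "Cache-Control": "public, max-age=3600",
}
HARDENED_RESPONSE = {
    "Content-Type": "application/json",
    "Cache-Control": "no-store, no-cache, private",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(hdrs) or ["no findings"])
    throttle = LoginThrottle(max_failures=3, window_seconds=60)
    for t in range(3):
        throttle.record_failure("alice", now=1000.0 + t)  # "alice" is a made-up account
    print("alice locked:", throttle.is_locked("alice", now=1003.0))
```

audit_headers is the kind of check a tester runs over every response seen in Burp Suite; the lockout class shows the per-account limit the recommendation asks for, with the window keyed on the account so that an attacker rotating source IPs still hits it.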

It took ScienceSoft's team 14 days to complete the penetration testing project and report on its results.

Results

The Customer received a full description of the vulnerabilities that were missed during the previous security checkups. Following ScienceSoft's detailed remediation guidance, the Customer was able to improve the security level of its web platform. ScienceSoft's report was added to the Customer's SOC 2 compliance documentation as tangible proof of its proactive approach to securing its clients' data.

Technologies and Tools

Metasploit, Wireshark, Nessus, Burp Suite, Acunetix, Nmap, Dirb, Postman.
