contact@scnsoft.com en flag +1 214 306 68 37
en flag +1 214 306 68 37
Contact us
Web Application Penetration Testing for a Professional Conference Organizer

Web Application Penetration Testing for a Professional Conference Organizer

Industry
Education

Customer

The Customer is a US-based organization that arranges international conferences for researchers in applied sciences like medicine sciences and engineering. In the recent years, they have been holding more than 200 events annually.

Challenge

The Customer needed to evaluate the security level of their new web application that would help them manage conference planning and coordination: from registering attendees to traveling and accommodation arrangements. Before launching the app, they wanted to ensure that it didn’t contain any security flaws that could compromise the Customer’s or the conference participants’ data.

The Customer was looking for a reliable security testing vendor with proven technical expertise and high service quality. Other essential requirements included conducting penetration testing on short notice (within only two weeks), a clear reporting format, and actionable recommendations on fortifying the web application’s security.

Solution

Impressed with ScienceSoft’s vast cybersecurity portfolio and positive references from our US-based clients, the Customer decided to entrust the pentesting project to ScienceSoft’s security team.

Taking into account the project’s time constraints, ScienceSoft’s security team opted for the gray box approach that allowed for thorough exploration of the Customer’s web application and 5 APIs within a short period of time. ScienceSoft’s security engineers were provided with credentials for testing under different user roles: Headquarters Staff, Venue Staff User, Organizer, Conferee. The testers planned and performed penetration testing according to the OWASP Web Security Testing Guide methodology.

Having exhausted all possible ways to break through the web application’s security, ScienceSoft’s security testers were pleased to report that there were no vulnerabilities a potential attacker could exploit. To help maintain such a high level of cyber defense and prevent any future data breaches, ScienceSoft recommended the Customer to establish consistent security management policies, such as:

  • Performing continuous check-ups for known vulnerabilities: ideally, running vulnerability scanners once a week.
  • Documenting all changes made to the web app and conducting vulnerability assessment and penetration testing after introducing any significant modifications.
  • Performing regular backups of important data.
  • Preparing an incident response plan, and more.

The entire project from planning to reporting on the testing results took 10 days.

Results

The Customer received tangible proof of the high security level of their web application. They also got actionable guidance on keeping their app protected against potential cyber treats.

Technologies and Tools

Nessus, Burp Suite, Acunetix, DirBuster, Postman, Vooki.

Have a question to our team or need help with your project?

Our team is ready to provide client references, estimate your project, or answer any other question related to your IT initiative.

Upload file

Drag and drop or to upload your file(s)

?

Max file size 10MB, up to 5 files and 20MB total

Supported formats:

doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, odp, jpeg, jpg, png, psd, webp, svg, mp3, mp4, webm, odt, ods, pdf, rtf, txt, csv, log

Get in touch instantly

Call us Live chat WhatsApp Email us

More Case Studies

Share:

facebook twitter linkedin