Main Pre-Launch Pentest by FS Group Prevents a Major Bank from Costly Risks Caused By High-Severity Flaw

Pre-Launch Pentest by FS Group Prevents a Major Bank from Costly Risks Caused By High-Severity Flaw

One of the largest commercial banks in Kazakhstan, serving millions of clients and operating hundreds of branches, faced a critical challenge: ensuring the security of a new web application with complex and unique business logic.

To address this, the bank engaged FS Group’s penetration testing specialists, renowned for their expertise in the financial sector and access to cutting-edge threat intelligence.

FS Group identified one high-severity and three medium-severity vulnerabilities and provided a detailed report outlining the vulnerabilities and actionable mitigation recommendations.

The Challenge

Operating in the highly regulated financial industry, the bank must ensure all products are fully secure.

Among the challenges faced by the bank the most significant ones were:

Strict Regulatory Compliance. Operating in a highly regulated financial industry requires 100% security for all products.
Evolving Cyber Threats. The bank needed to keep up with the latest vulnerabilities and hacking methods, while also having an in-house cybersecurity team.
Complex Product Security. Ensuring security for a new securities trading platform with complex and unique business logic was a challenge for the majority of cybersecurity services providers.
Sensitive Data Protection. It was critical to protect sensitive data on the new platform before launch.
Vulnerability Identification. The bank needed a provider experienced in financial web applications to identify security weaknesses.

The company sought a provider experienced in financial web applications to conduct GreyBox penetration testing.

The project aimed to find vulnerabilities in a web application, recommend fixes, and assess its overall security.

The Solution

The client chose the Gray Box penetration testing method, so they provided the FS Group team with authorized user credentials to test the web application.

The penetration testing for the bank consisted of the following steps:

Collecting information from the client
Clarifying the testing goals
Discussing Rules of Engagement
Conducting a study on the goals
Performing manual checks and analyzing the results
Conducting automated checks of the web application
Investigating detected vulnerabilities to determine exploitation methods and developing attack software
Preparing a report and recommendations for eliminating identified vulnerabilities.

Result

1 high and 3 medium severity vulnerabilities discovered.
FS Group prevented a potential financial loss of tens of millions of dollars (taking into account the product features and the bank’s size) by discovering the high-severity flaw.
The bank avoided not only significant financial loss, but also reputational damage, regulatory fines and penalties, and loss of customers.
Report with a detailed overview of all vulnerabilities found and mitigation recommendations.

The report consisted of:

Testing results summary
Detailed testing results description
2 appendixes: tests performed and recommendations for fixing vulnerabilities
Conclusion and the current security status.

As a result, the client is happy with FS group’s work, and the companies are now collaborating on new projects together.

is the financial industry.

bank tested by FS Group in 2023, external attackers could access the corporate local area network.

Key takeaways

The successful result of this case was possible thanks to the FS Group’s penetration testing service, which includes the following:

The test covers all the nodes of your information system on which your business depends: network-related components, operating systems, middleware, databases, and application servers.
FS Group tests according to the GreyBox, BlackBox, and Vulnerability Assessment scheme.
FS group has unique threat intelligence access. The company is a key player in Ukraine’s Threat Intelligence market, so their analysts can test your system with the most up-to-date hacking methods. For example, FS Group’s analysts have access to closed “underground” sites and forums in the following areas: hacking, spam, malware, and carding, along with a database of 30 billion compromised accounts from open and closed sources.

What clients say

“The FS Group was professional and thorough. Their detailed and easy-to-understand report, along with prompt clarifications, helped us quickly improve the application’s security for launch.”

CISO, client’s cybersecurity department.

Products that were used

Penetration Testing

Considering the limitations of generic cybersecurity tools.

Secure Your Business Now

FS Group will protect you from evolving cybersecurity threats around the world.

First name Provide your First name Last name Provide your Last name

Company name Provide your Company name Job Title Provide your Job Title

Company sector

IT Sector Finance Health Public Sector Telecommunications Retail Education Other

Business email Invalid Business email Phone number Invalid Phone number

Check where your cyber security gap is This site is protected by reCAPTCHA and the Google Privacy Policy.

I need help right away