The Challenge
Operating in the highly regulated financial industry, the bank must ensure all products are fully secure.
Among the challenges faced by the bank the most significant ones were:
- Strict Regulatory Compliance. Operating in a highly regulated financial industry requires 100% security for all products.
- Evolving Cyber Threats. The bank needed to keep up with the latest vulnerabilities and hacking methods, while also having an in-house cybersecurity team.
- Complex Product Security. Ensuring security for a new securities trading platform with complex and unique business logic was a challenge for the majority of cybersecurity services providers.
- Sensitive Data Protection. It was critical to protect sensitive data on the new platform before launch.
- Vulnerability Identification. The bank needed a provider experienced in financial web applications to identify security weaknesses.
The company sought a provider experienced in financial web applications to conduct GreyBox penetration testing.
The project aimed to find vulnerabilities in a web application, recommend fixes, and assess its overall security.
The Solution
The client chose the Gray Box penetration testing method, so they provided the FS Group team with authorized user credentials to test the web application.
The penetration testing for the bank consisted of the following steps:
- Collecting information from the client
- Clarifying the testing goals
- Discussing Rules of Engagement
- Conducting a study on the goals
- Performing manual checks and analyzing the results
- Conducting automated checks of the web application
- Investigating detected vulnerabilities to determine exploitation methods and developing attack software
- Preparing a report and recommendations for eliminating identified vulnerabilities.
Result
- 1 high and 3 medium severity vulnerabilities discovered.
- FS Group prevented a potential financial loss of tens of millions of dollars (taking into account the product features and the bank’s size) by discovering the high-severity flaw.
- The bank avoided not only significant financial loss, but also reputational damage, regulatory fines and penalties, and loss of customers.
- Report with a detailed overview of all vulnerabilities found and mitigation recommendations.
The report consisted of:
- Testing results summary
- Detailed testing results description
- 2 appendixes: tests performed and recommendations for fixing vulnerabilities
- Conclusion and the current security status.
As a result, the client is happy with FS group’s work, and the companies are now collaborating on new projects together.
is the financial industry.
tested by FS Group in 2023, external attackers could access the corporate local area network.