EN
Get in Touch

Pre-Launch Pentest by FS Group Prevents a Major Bank from Costly Risks Caused By High-Severity Flaw

One of the largest commercial banks in Kazakhstan, serving millions of clients and operating hundreds of branches, faced a critical challenge: ensuring the security of a new web application with complex and unique business logic.

To address this, the bank engaged FS Group’s penetration testing specialists, renowned for their expertise in the financial sector and access to cutting-edge threat intelligence.

FS Group identified one high-severity and three medium-severity vulnerabilities and provided a detailed report outlining the vulnerabilities and actionable mitigation recommendations.

The Challenge

Operating in the highly regulated financial industry, the bank must ensure all products are fully secure.

Among the challenges faced by the bank the most significant ones were:

  • Strict Regulatory Compliance. Operating in a highly regulated financial industry requires 100% security for all products.
  • Evolving Cyber Threats. The bank needed to keep up with the latest vulnerabilities and hacking methods, while also having an in-house cybersecurity team.
  • Complex Product Security. Ensuring security for a new securities trading platform with complex and unique business logic was a challenge for the majority of cybersecurity services providers.
  • Sensitive Data Protection. It was critical to protect sensitive data on the new platform before launch.
  • Vulnerability Identification. The bank needed a provider experienced in financial web applications to identify security weaknesses.

The company sought a provider experienced in financial web applications to conduct GreyBox penetration testing.

The project aimed to find vulnerabilities in a web application, recommend fixes, and assess its overall security.

The Solution

The client chose the Gray Box penetration testing method, so they provided the FS Group team with authorized user credentials to test the web application.

The penetration testing for the bank consisted of the following steps:

  • Collecting information from the client
  • Clarifying the testing goals
  • Discussing Rules of Engagement
  • Conducting a study on the goals
  • Performing manual checks and analyzing the results
  • Conducting automated checks of the web application
  • Investigating detected vulnerabilities to determine exploitation methods and developing attack software
  • Preparing a report and recommendations for eliminating identified vulnerabilities.

Result

  • 1 high and 3 medium severity vulnerabilities discovered.
  • FS Group prevented a potential financial loss of tens of millions of dollars (taking into account the product features and the bank’s size) by discovering the high-severity flaw. 
  • The bank avoided not only significant financial loss, but also reputational damage, regulatory fines and penalties, and loss of customers.
  • Report with a detailed overview of all vulnerabilities found and mitigation recommendations. 

The report consisted of:

  • Testing results summary
  • Detailed testing results description
  • 2 appendixes: tests performed and recommendations for fixing vulnerabilities
  • Conclusion and the current security status.

As a result, the client is happy with FS group’s work, and the companies are now collaborating on new projects together.

2nd most attacked sector

is the financial industry.

In every bank

tested by FS Group in 2023, external attackers could access the corporate local area network.

Key takeaways

The successful result of this case was possible thanks to the FS Group’s penetration testing service, which includes the following:

  • The test covers all the nodes of your information system on which your business depends: network-related components, operating systems, middleware, databases, and application servers.
  • FS Group tests according to the GreyBox, BlackBox, and Vulnerability Assessment scheme.
  • FS group has unique threat intelligence access. The company is a key player in Ukraine’s Threat Intelligence market, so their analysts can test your system with the most up-to-date hacking methods. For example, FS Group’s analysts have access to closed “underground” sites and forums in the following areas: hacking, spam, malware, and carding, along with a database of 30 billion compromised accounts from open and closed sources.

What clients say

“The FS Group was professional and thorough. Their detailed and easy-to-understand report, along with prompt clarifications, helped us quickly improve the application’s security for launch.”

CISO, client’s cybersecurity department.

Secure Your Business Now

FS Group will protect you from evolving cybersecurity threats around the world.
Company sector
I need help right away