Labor Union Member Portal Secured Via Penetration Testing
The Project
Our client is a labor union in the entertainment and decorative arts industries. When they needed a penetration test to demonstrate the strength of security controls behind their member-only online portal, they called Winmill. With our in-depth knowledge of application development and our expansive experience with penetration testing tools and methodologies, we were the perfect fit. We effectively played the role of a (hypothetical) adversary from top to bottom, clearly documented our findings, and recommended next steps for remediation.
Challenges
- Play the role of ethical hacker across several technology stacks that included both custom code and a third-party content management system
- Utilize skills and techniques across white box, grey box, and black box testing methodologies
- Conduct the tests under a unique set of rules of engagement that included avoiding the compromise of a critical production data center hosted by an external vendor
Solution
- Worked with client stakeholders to evaluate the assets under test
- Used various industry-standard penetration tools and techniques to identify vulnerabilities
- Presented findings and worked with each team to remediate deficiencies
The Results
Winmill used a thorough and proficient penetration testing methodology that included Burp Suite, OWASP Dependency-Check, DirBuster, and various Kali Linux tools such as Metasploit. Winmill identified several high-priority security gaps and helped the client quickly remediate them. The union is now confident that their private member information is safe and out of the crosshairs of black-hat hackers who trawl the internet.
Being on top of security requires the same skill as succeeding in the arts: honing your craft through focused commitment. It requires consistent adherence to principles, a dedicated work ethic, perseverance, and professionalism.