IT Penetration Testing (East European Energy Client)
Having completed TSCM and physical penetration testing services for an East European energy client, we were asked to look at the company's IT systems and infrastructure based in London and a Baltic capital. The IT systems included internal company servers, a time management server system and the main company website.
QCC Global used our qualified IT red teaming engineers to examine and evaluate the IT systems, visibility and vulnerabilities from outside the company's premises. Using recognised red teaming techniques and tools and “White Hat” ethical hacking procedures, the servers and website were examined and tested.
The testing looked for common issues such as weak password protocols, unchanged default login accounts, buffer overflow issues, insecure database services and format string attacks. In addition, SQL injection, Cross-Site Scripting, broken authentication, insecure encryption implementation, and redirects and forwards on the site that may have vulnerabilities were evaluated. Remote access administration services were examined as well as the potential for Denial of Service attacks.
At the conclusion of the testing process several issues were found that needed to be addressed. The vulnerabilities were presented in a post-test meeting and report, rating the issues as Critical, Important and Minor. QCC Global suggested remedial action for each of the issues uncovered during the test. QCC Global carried out extensive follow-ups with the client to implement the patches and residual actions that were needed to make the inspected systems secure.
At the conclusion of the process the IT systems and website were highly secured against unauthorised intrusion, cyber-attack and Denial of Service. The client implemented a program of ongoing testing to keep the existing and new IT systems at a highly secure and functional level.