Case Study
Chemist4U - Penetration Testing
Penetration Testing for online NHS pharmacy that handles sensitive information.
.png?width=536&height=424&name=chemist4u%20(1).png)
The Client
Chemist4U
Chemist4U is an online pharmacy offering a wide range of healthcare products, including prescription medicines, over-the-counter treatments, and health and wellness items. They provide, free prescription delivery and an online consultation service to facilitate easy access to medications.
For a company like Chemist4U, having a robust cyber security strategy is crucial due to the sensitive nature of the data they handle.
With a variety of systems, applications, and data to secure, keeping track of all potential vulnerabilities and ensuring consistent security measures across the board can be complex.
Overview
Requirement
Ensuring strengthened security measures helps Chemist4U maintain the trust of their customers, comply with regulatory requirements, and treat patient data with the respect it deserves.
With the constantly changing external facing websites and APIs, it’s important for Chemist4U to have annual penetration testing in place to allow them to proactively identify and address any potential weaknesses that could be in their systems.
- Web Application Security Testing
- API Security Testing
Requirements
Scoping and Pre-Testing
For each requirement, CybaVerse engages with the client to determine their requirements and ensures that the engagement is correctly scoped to deliver on those requirements as well as make sure all of the correct legal requirements are satisfied. During the scoping call, the exact requirements are defined and particular services or techniques are discussed and confirmed. CybaVerse's cyber security experts will then look to provide a full proposal, confirming the project scope and goals.
"We were impressed by CybaVerse’s technical knowledge and expertise. We also found their professional and collaborative approach made the engagement a pleasure, giving us confidence in their ability and the ongoing relationship."
Martyn KilbrydeCTO
Online NHS Pharmacy.
Sensitive Data Handled.
Thorough Security Testing.
Timely Collaboration
Testing
Testing is undertaken via an approved method. CybaVerse’s technical experts stay in constant contact with clients to keep the client up to date with testing progress, reporting critical findings and ensuring the client is receiving the most value out of the testing process.
CybaVerse has completed the following types of Penetration Tests for Chemist4U:
- Web Application Security Testing
- API Security Testing
CybaVerse use their extensive experience alongside industry guidelines, all testing is completed inline with the open web application security project (OWASP) top 10.
Using all of the information gathered in the reconnaissance phase, CybaVerse then determined where the potential risk of exploitation lies and created a plan to verify those findings.
.png?width=640&height=238&name=infohealth%20case%20study%20(3).png)
.png?width=536&height=424&name=chemist4u%20(4).png)
.png?width=536&height=424&name=Chemist4U%20(3).png)
Project Outcome
Report and Support
“The outcome of our engagement with CybaVerse was highly positive, ensuring better protection for our patients' sensitive information. Their penetration testing identified several areas of improvement, and they worked with us with actionable recommendations so we could implement these swiftly.”
The report is designed to be clear, detailed, and easy to read, ensuring management can readily grasp the business risks. It includes comprehensive technical findings, explaining how vulnerabilities were identified, allowing clients to recreate the proof of concept and follow remediation steps effectively.
Words from the client
Building Relationships and Trust
“CybaVerse's penetration testing uncovered some vulnerabilities, allowing us to address them promptly. This has strengthened our security posture and given us greater confidence in the robustness of our systems.
For any business looking to engage with CybaVerse for their cyber security needs, the expertise, thorough approach, and professional engagement make CybaVerse an excellent choice. We are already in conversations for more services as part of our overall strategy to increase our cyber security.”
Martyn KilbrydeCTOHow did the solution proposed by CybaVerse meet the needs of the business from a budget and strategy perspective?
“We worked collaboratively and were given recommendations on which areas to test based on risk, ensuring that resources were used efficiently and effectively, whilst not leaving important areas of our systems exposed.”
Martyn KilbrydeCTO