Case Study
Penetration Testing for The Educational Sector
Penetration testing for peace of mind for YMCA George Williams College.
The Client
YMCA George Williams College
YMCA George Williams College were looking to engage with a Cyber Security partner to conduct a comprehensive security review of their web application service offering and provide a development day to upskill internal staff.
They needed to ensure the security of the personal information held on their web application and their compliance with industry regulations.
Overview
Scoping & Pre Testing
To provide an accurate quotation, a scoping call took place with one of CybaVerse's Account Managers and an experienced Penetration Tester. This enabled CybaVerse to comprehensively understand the needs of the business and the web application, and to draw up an accurate and bespoke proposal that met YMCA George Williams College's exact requirements.
After working through the competitive quotes, the client chose CybaVerse because of the range of services available and the option to have a retest and feedback following the initial test. This would help the business continue their strategy of building secure ecosystems of data with their partners.
It was assessed that YMCA George Williams College required a Web Application Penetration Test and a 'discovery day', which allowed CybaVerse to fully explain test findings and support with remediation.
Timely Collaboration
Testing
CybaVerse use extensive experience alongside industry guidelines such as the OWASP Top Ten to conduct the assessment of the web applications. Our tester first scopes the web applications by crawling the site and finding all pages and any search functions. This builds a picture of possible attack vectors.
Our consultants will always cover the OWASP Top Ten vulnerabilities that commonly affect web applications:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
Web App Testing
Discovery Day
Sensitive Data Handled
Report and Support
Project Outcome
Throughout the engagement, YMCA George Williams College was kept continuously updated on progress for any high or critical findings, giving the client the opportunity to begin remediating and to work with CybaVerse to fix any immediate issues.
CybaVerse always present a clear, detailed, easy-to-read report, making it easy for management to understand the risks the business faces. The report includes technical findings detailing how the vulnerabilities were found, so that the client can recreate the proof of concept and follow remediation guidance.
In this instance, CybaVerse worked alongside the client through each finding, offering support and ensuring the swift remediation of any vulnerabilities.