Case Study
Security First Penetration Testing with OnlineDIRECT
Custom-built SaaS organisation chooses bespoke security-first Penetration Testing service from CybaVerse.
The Client
OnlineDIRECT
In 2003, OnlineDIRECT became the UK's first business energy aggregator, a platform that has enabled them to provide market access and support to thousands of brokers.
Today, they go well beyond simple aggregation by providing market-leading training, support and technology services to brokers and TPIs. OnlineDIRECT have access to an array of data, so it was crucial for them to ensure their applications were secure.
Overview
The Requirement
OnlineDIRECT were looking to engage with a Cyber Security partner to conduct a comprehensive security review of their web application service offering. They had already received a tender from another large cyber security vendor, with an approximate timeframe of 5 days to complete the engagement. They were then recommended CybaVerse by a colleague, and they reached out to ask for a quotation.
To provide an accurate quotation, credentials were obtained and CybaVerse assigned a tester to comprehensively explore the application and understand the effort involved in meeting the client requirements. This enabled a quotation to be provided which was a true and accurate reflection of the client’s needs. A tender was submitted with a timeframe of 25 days to complete testing.
Working Together
Services Needed
After working through the requirements and conducting the initial investigation, it was deduced that the scope of work would include:
- A full comprehensive web application assessment, looking at OWASP Top Ten as a minimum
- An internal Penetration Test of the network and active directory review
- An external Penetration Test
For this assessment, which included manual assessment and not just automated scanning tools, the overall timeframe proposed by CybaVerse was 5 times longer than other quotations the client had received.
CybaVerse were successful in their tender and scheduled the work to be completed within an agreed timeframe.
Full OWASP Web Application assessment.
Internal Penetration Test of network & active directory.
External Penetration Test on the external network infrastructure.
Reporting and Remediation
Project Progress
From scope to project completion, CybaVerse’s technical experts stay in constant contact with clients to keep them up to date with testing progress and to report critical findings.
CybaVerse was granted access to the backend of the client’s systems, which enabled the testers to confirm findings and provide a more detailed analysis of the vulnerabilities.
The final report always includes technical findings detailing how the vulnerabilities were found, so that the client can recreate the proof of concept and follow the remediation guidance.
Post engagement, CybaVerse worked with the client to provide expert advice and consultancy on hardening measures.
Words from the client
Building Relationships and Trust
"In comparison to other penetration test offers that we had received we felt that CybaVerse’s was the most honest. A lot of other testers had originally said they would be able to test all our infrastructure in 3-4 days, which was later proven to be impossible."
Kiefer-Joe Copp, Technical Support Specialist, OnlineDIRECT