YMCA George Williams College were looking to engage with a Cyber Security partner to conduct a comprehensive security review of their web application service offering and provide a development day to upskill internal staff. They needed to ensure the security of the personal information held on their web application and ensure their compliance with industry regulations.

Scoping and Pre-Testing

To accurately provide a quotation, a scoping call took place with one of Cybaverse's Account Managers and an experienced Penetration Tester. This enabled Cybaverse to comprehensively understand the needs of the business and the web application. This allowed for an accurate and bespoke proposal to be drawn up that met YMCA George Williams College's exact requirements.

After working through the competitive quotes, the client chose Cybaverse because of the range of services available and the option to have a retest and feedback following the initial test. This would help the business continue their strategy of building secure ecosystems of data with their partners.

It was assessed that YMCA George Williams College required a Web Application Penetration Test and 'discovery day' which allowed Cybaverse to full explain test findings and support with remediation.

‍

‍

Testing

Cyabverse, unlike other penetration testing companies, build a relationship with clients and see them as a partner rather than a one-off project, this is even more apparent throughout the testing period.

From scope to project completion, Cybaverse’s technical experts stay in constant contact with clients to keep the client up to date with testing progress, reporting critical findings and ensuring the client is receiving the most value out of the penetration test.

Methodology

Cybaverse use their extensive experience alongside industry guidelines such as the OWASP Top Ten to conduct the assessment of the web applications. Our tester first scopes the web applications by crawling the site and finding all pages and any search functions. This will build a picture of possible actor vectors.

Our consultants will always cover the OWASP Top-10 vulnerabilities that commonly affect web applications:

• Broken Access Control
• Cryptographic Failures
• Injection
• Insecure Design
• Security Misconfiguration
• Vulnerable and Outdated Components
• Identification and Authentication Failures
• Software and Data Integrity Failures
• Security Logging and Monitoring Failures
• Server-Side Request Forgery (SSRF)

Report and Support

Throughout the engagement, the YMCA George Williams College was kept continuously updated with progress for any high or critical findings, allowing the client the opportunity to begin remediating and working with Cybaverse to fix any immediate issues.

Cybaverse always present a clear, detailed, easy-to-read report making it easy for management to understand the risks the business faces. The report includes technical findings, detailing how the vulnerabilities were found to allow the client to recreate the proof of concept and follow remediation guidance.

In this instance, Cybaverse worked alongside the client, working through each finding and offering support and ensuring the swift remediation of any vulnerabilities.

Summary

Cyabverse, unlike other penetration testing companies, were able to offer the client a bespoke service that truly met their needs. The client was able to undergo testing and get a full report and debreif on the testing process, alongside support and guidance from a cyber security expert to ensure remediations were implemented quickly and effectively.