Top.Mail.Ru
Enhancing security of information infrastructure facilities for a Russian IT company - Completed project
ICL Services
Services
Services
All services it helper
Information security
Comprehensive Information Security Audit
ICL MSSP SOC: Advanced Detection and Response to Cyber Threats
Digital Services
Digital transformation
Digital transformation
Digital transformation Intelligent Transport Systems (ITSs) MONITORING OF THE OPERATION OF BUSINESS APPLICATIONS Virtual Reality/Augmented Reality Intelligent automation via RPA platform Development, Implementation and Support for IoT Solutions
Implementation and Migration
Migration Of Infrastructure, Configurations, Applications, Data, And Users
Products
Colibri-ARM workstation management system for IT infrastructure of any scale
AIDA – AI-Powered Solution for Request Automation
Projects
Company
Company
ICL Services
History
Persons
Social responsibility
News
Video
Career
Career
Career
Career in ICL Services
Career in ICL Services
Career in ICL Services Advantages of work in ICL Services
Contact us
Callback
ru
en

Enhancing security of information infrastructure facilities for a Russian IT company

The company sought support in assessing the security of its external information infrastructure and key BPaaS platform.

The client required a detailed audit with a comprehensive analysis, as well as clear, structured recommendations of both technical and strategic nature to improve cybersecurity.

Key Challenges

  • Identify potential vulnerabilities and possible attack vectors
  • Ensure compliance with legal information security requirements
  • Strengthen security mechanisms to reduce the risks of data leaks
Read more about the project Задать вопросAsk a question
Implemented our solution

  1. The project was implemented in two phases, each of which provided a comprehensive security assessment of the customer's infrastructure.

    The first phase involved analyzing source code and executable files using SAST and DAST methods. ICL Services specialists tested the system for vulnerabilities in real time, simulating possible external attacks and verifying the effectiveness of previously identified issues.

    In the second phase, the team conducted comprehensive penetration testing. They used both black-box methods, where the assessment was conducted without access to internal data, and gray-box methods, where web applications and systems with user access were tested.

    Black-box testing consisted of several steps:

    • began with reconnaissance and information gathering on target systems, using open sources, DNS, WHOIS, and OSINT tools to understand the network structure and potential entry points,
    • next, port scanning was performed using Nmap, searching for hidden files and directories, and extracting information.
    Particular attention was paid to modeling attacks on network services and web applications, including vulnerabilities from the OWASP Top 10 list, testing for injection attacks (SQL, OS, LDAP), access control violations, insecure web application configurations, XSS vulnerabilities, and improper error handling.

    Privilege escalation attempts were also performed on accessible internal systems.

    The team utilized a wide range of tools, including Burp Suite Professional Edition, SonarQube, OWASP ZAP, Google Dorking, Nmap, Nessus, and kiterunner, allowing them to thoroughly identify and systematize all potential risks.

Products and technologies

  • Burp Suite Professional Edition
  • SonarQube
  • OWASP ZAP
  • Google Dorking
  • Nmap
  • Nessus
  • kiterunner

Results

  • We identified priority areas for improving the information security management system.
  • Identified over 20 vulnerabilities with detailed descriptions, exploitation scenarios, and potential impacts on the customer's infrastructure.
  • Prepared recommendations for promptly eliminating vulnerabilities and strengthening the corporate perimeter's security in the short term.
  • Developed strategic recommendations for transforming the IT infrastructure to increase its security, and low-level instructions for independently conducting regular scans.

Services provided

Drop us a line

Contact us

Request a call

Name*
Phone*
Email*
Company*
Please see the Privacy Notice further information regarding your rights.

I have read the Privacy Notice and consent to the processing of my personal data

icl-services.com uses cookies, and by continuing browsing the website you give your consent to the use of cookies by us. Otherwise you should leave our website after reading this.
OK

Ask a question

Name*
Email*
Company*
Position*
Phone*
Message*
Please see the Privacy Notice further information regarding your rights.

I have read the Privacy Notice and consent to the processing of my personal data

Request a call

Name*
Phone*
Email
Company*
Please see the Privacy Notice further information regarding your rights.

I have read the Privacy Notice and consent to the processing of my personal data

Up