The project's customer is a Japanese company with which ICL Services planned to work on a long-term basis in various IT areas. In 2020, the company launched a new digital project, a web platform where users can listen to podcasts and audio shows. To evaluate ICL Services' expertise ahead of future work, the client asked us to analyze the information security of the service as a pilot project.
Key Challenges
- Evaluate the security level and the possibility of hacking a web service using pen test attacks.
- Formulate recommendations to address security flaws and test their implementation to improve the web service's reliability and resilience to cyberattacks.
- Prepare a final report in Japanese.
Solution
Implemented our solution
The project began in the fall of 2020. ICL Services specialists first discussed the task with the customer, agreed on methodologies, access, and tools, and got to work.
Penetration testing followed a black-box methodology: after receiving a resource link from the customer, the experts had to perform the test from specific IP addresses so that they had access to the test bench.
The service's functionality was simple — for example, there was no user authentication or payment for subscriptions. However, ICL Services engineers discovered several security flaws.
For instance, they identified how hackers could make the resource under test send arbitrary requests and attack other systems. The experts gave recommendations on how to avoid this and, on retesting, confirmed that the customer had fixed the flaws.
Results
- The pen test project was completed in two weeks.
- Security flaws were identified, recommendations for fixing them were given, and a retest was conducted.
- A report was prepared in Japanese that described in detail each security flaw, how to exploit it, and the risk associated with it.
- After the successful implementation of the pilot project, the customer continued to work with ICL Services in other areas.