About

The Customer is a large Gulf-based retail bank with around 550 branches, providing comprehensive banking services to more than 2.5 million clients.

Challenging

The Customer needed to test the security controls deployed within their IT infrastructure. For this reason, they were looking for a qualified security testing provider knowledgeable in the banking industry to conduct.

Vulnerability assessment and penetration testing of the network s external perimeter. Vulnerability assessment and penetration testing of the networks internal environment (servers, firewalls, etc.).

Solution

VolgoTechnologies team conducted black box penetration testing of the external perimeter of the Customer s network. The ethical hackers didnt manage to penetrate the network with no credentials, so they proceeded with the gray box testing method using user login details but having no access to the entire network. Gray box penetration testing revealed a vulnerability of the Customer s remote server to external manipulations. VolgoTechnologies recommended the Customer address the vendor of server software to fix the issue.

Staging

Data Ware House

Data Ware House

Desktop Application

Results

The Customer received detailed reports of the conducted network vulnerability assessment, penetration testing, and the security risk assessment of the client digital channels with recommendations to mitigate the discovered vulnerabilities. After fixing all the issues according to the provided remediation plan, the Customer ran retesting, which showed the increased security level of the network s external perimeter and internal environment.

Technologies and Tools

Nmap, Nessus, Burp Suite, Gophish, Metasploit, Netcat, DIRB, Nikto, SSLScan, Firefox Developer Tools.