How penetration testing helped this logistics company resolve critical website security vulnerabilities prior to go-live.
 
Security is on everyone’s mind now, more than ever. High profile cyberattacks and ransomware are now a daily occurrence in our news feeds. While there are tools out there to assist with penetration testing, there are issues that only a security specialist is unable to uncover.
 
A recent example of this was with a Planit customer, a major logistics company, who had performed an internal penetration test using off the shelf software and approached Planit to validate their results. The review uncovered that all testing was performed in the UAT environment that did not have the same high availability configuration as production. This raised a red flag for our experienced consultants who encouraged the customer to perform additional validation on their production infrastructure.
 
During manual testing, a high severity defect was discovered as a direct result of the high availability configuration. This setup exposed a vulnerability in the authentication mechanism and allowed the Planit security team to manipulate login sessions to gain full control of the website. Had this issue been exploited in production, it would have caused a significant loss of revenue and reputation for our customer.
 
This issue would not have been detected if the website was simply tested in a UAT environment, or via automated tools alone. It was the in-depth nature of our penetration testing, and years of experience that enabled us to uncover this potentially critical issue.
 
Luckily for our client this issue was discovered before go-live and were able to quickly resolve the issue for retesting as Planit provided detailed steps to reproduce the vulnerability.
 
If you have critical applications, Planit strongly recommends that you augment your automated penetration testing tools with experienced security consultants to ensure that you aren’t left vulnerable.