Case study overview
Project milestones:
- Run a comprehensive penetration test on the Customer’s infrastructure
- Provide and execute a detailed action plan covering remediation for all discovered vulnerabilities
- Ensure total compliance with legislative requirements during every step of the project
Problem: The Customer required a prompt assessment of existing critical vulnerabilities in their infrastructure in order to plan and execute the next steps in establishing the required cybersecurity posture.
Solution: UDV Technologies’ team of experts conducted a thorough cybersecurity assessment of over 100 internet-accessible resources operated by the Customer, all in a limited time frame. The assessment included both automated and expert-led checkup procedures.
Key fact: UDV Technologies discovered multiple critical vulnerabilities across the infrastructure, capable of disrupting the Customer’s services completely. An action plan covering necessary upgrades to implemented security measures was designed and provided to the Customer’s security team.
Result: Thanks to the assessment results, the management recognized the need to migrate to a systematic cybersecurity approach and began upgrading security and implementing updated policies in accordance with the plan provided.
The Customer is one of the largest airline companies in the CIS region, actively developing its own web applications to maintain the high quality of the services it provides.
The Customer’s strict infrastructure reliability requirements are based on an increasing air traffic volume and the high level of responsibility the Company assumes for its clients.
The drive to eliminate the risks that operating vulnerable infrastructure poses to the business and to clients’ welfare justified the security assessment in the eyes of the Customer’s management.
Project tasks
With the risk of cyberattacks ever increasing, the Customer decided to run a thorough penetration test on the Company's Internet-based services and applications to identify critical vulnerabilities and define new requirements for the cybersecurity system. The Customer invited UDV Technologies’ team in order to obtain objective assessment results.
Customer care services run by the airline are accessible from the Internet and process sensitive client data, including financial transactions and personal data. Service disruption and its consequences are a critical scenario for the business. The Customer prioritized identifying and remediating every attack vector that could allow adversaries to impact web applications and force them into a denial-of-service state.
Security assessment and penetration testing scenarios had to comply with legislative requirements that dictate a very limited timeframe for performing the assessment.
Solution
1. Using the black box approach, UDV Technologies white hats made multiple attempts to obtain unauthorized access to the Customer's Internet-accessible services, such as the Airline's website, corporate VPN and communication services. In total, over a hundred critical nodes were assessed.
2. The vulnerability search relied on both automated security scanners and expert-led activities aimed at exploiting the discovered cybersecurity shortcomings.
3. The security assessment and penetration testing results were compiled into a detailed report covering the scope and methodology of the services delivered, as well as the list of detected vulnerabilities and suggested remediation measures.
Results
UDV Technologies’ experts concluded that the Customer’s implemented security measures efficiently block direct penetration and access to the Customer's internal network through the assessed resources. However, a number of critical vulnerabilities affecting the operation of the web services could lead to a denial-of-service state for multiple applications.
The top reasons behind a large part of the identified vulnerabilities are:
- Lack of hardware/software updates
- Using dictionary passwords
- Using unreliable encryption algorithms
- Allowed cross-site scripting