Case study: Bank
Vulnerability Assessment of Information Systems for a Bank
Client’s Objective
Conduct an external security assessment of the bank’s information systems using the Grey Box testing methodology, and provide a detailed report outlining identified vulnerabilities along with recommendations for remediation.
About the Project
Our ESKA team of cybersecurity experts performed a comprehensive vulnerability assessment for a financial sector organization, identifying critical weaknesses in their systems. Detecting and mitigating these vulnerabilities is vital to prevent potential data breaches and protect sensitive customer information.
By simulating real-world attack scenarios, we help financial institutions discover and remediate security gaps, ensuring the highest level of data protection for their clients.
Protect your organization and customer data by contacting us for a full vulnerability assessment and penetration test conducted by our experienced team. Stay one step ahead of cyber threats and strengthen your defenses today.
Scope of Work
Scanning the external network perimeter and web applications
Testing the security of the corporate email system (including attachments, links, etc.)
Vulnerability assessment of mobile applications (iOS and Android platforms)
Assessment Goals
The purpose of the assessment was to identify vulnerabilities, evaluate their risk levels, and provide actionable recommendations for remediation. The testing was conducted by ESKA’s ethical hackers following methodologies including the OWASP Mobile Application Security Verification Standard (MASVS), simulating attacks from both authorized (authenticated) and anonymous (unauthenticated) user perspectives. After the testing, the client received a comprehensive report detailing the testing process, findings, and improvement recommendations.
Mobile Application Vulnerability Assessment Results
The security review covered three mobile applications on both Android and iOS platforms.
Testing involved a combination of automated tools and manual techniques to thoroughly evaluate the security posture of the apps.
A total of 46 vulnerabilities were found, categorized by risk from Informational to Critical:
1 medium-risk issue
29 low-risk issues
16 informational issues
No high- or critical-risk issues were identified. The most severe finding was a medium-risk vulnerability that allowed modification of connection data within the app.
Recommendations
Prevent sensitive screen content from being captured in screenshots or app-switcher previews, by blurring the screen or showing a static image when the app is sent to the background.
Review the biometric authentication logic and implement it with platform cryptographic objects backed by the secure keystore, so that a successful biometric check unlocks a key rather than merely returning a yes/no result that app code (or a hooked callback) can bypass.
Verify the integrity of application files before launch to reduce the risk of tampered or repackaged app versions.
Remove all debug code before the app is released.
Apply an additional layer of encryption to sensitive information stored on the device, on top of the platform's storage protections.
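Two of these recommendations, blocking screen capture and binding biometric authentication to a keystore-held key, are illustrated below for Android. This is an added example, not code from ESKA or from the bank's applications; the class name, key alias and the `SecretConsumer` callback are hypothetical, and it assumes the `androidx.biometric` and `androidx.core` libraries are on the classpath.

```java
// Added illustration (not ESKA's or the client's code). VaultActivity, KEY_ALIAS
// and SecretConsumer are hypothetical names; androidx.biometric/core are assumed.
import android.os.Bundle;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.view.WindowManager;

import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.FragmentActivity;

import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class VaultActivity extends FragmentActivity {
    private static final String KEY_ALIAS = "vault_key";        // hypothetical alias
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String TRANSFORM = "AES/GCM/NoPadding";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Screen-capture protection: FLAG_SECURE makes the OS refuse screenshots and
        // screen recording of this window and blanks its recent-apps preview. This is
        // the system-enforced equivalent of the "static image" approach.
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                             WindowManager.LayoutParams.FLAG_SECURE);
    }

    // Weak pattern the recommendation warns against: using the biometric prompt as a
    // yes/no gate while the secret already sits in memory. A hooked
    // onAuthenticationSucceeded or a patched app then reveals it with no fingerprint.
    // Strong pattern below: the secret is encrypted under a Keystore key the hardware
    // will only use after a fresh biometric, so skipping the callback yields ciphertext.

    private static SecretKey getOrCreateVaultKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        if (ks.containsAlias(KEY_ALIAS)) {
            // Throws KeyPermanentlyInvalidatedException on first use if biometrics changed.
            return (SecretKey) ks.getKey(KEY_ALIAS, null);
        }
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                // Every use needs a fresh user authentication; enforced by the keystore.
                .setUserAuthenticationRequired(true)
                // Enrolling a new fingerprint invalidates the key, so an attacker who adds
                // their own biometric cannot unlock previously stored data.
                .setInvalidatedByBiometricEnrollment(true)
                .build());
        return kg.generateKey();
    }

    /** Decrypts a stored secret; the cipher becomes usable only after the prompt succeeds. */
    void unlockSecret(final byte[] iv, final byte[] ciphertext,
                      final SecretConsumer onPlaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, getOrCreateVaultKey(), new GCMParameterSpec(128, iv));

        BiometricPrompt.PromptInfo info = new BiometricPrompt.PromptInfo.Builder()
                .setTitle("Unlock vault")
                .setNegativeButtonText("Cancel")
                // A CryptoObject may only be paired with a Class 3 (strong) biometric.
                .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
                .build();

        BiometricPrompt prompt = new BiometricPrompt(this, ContextCompat.getMainExecutor(this),
                new BiometricPrompt.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
                        try {
                            // Use the cipher the framework hands back: it is the instance
                            // bound to the authentication that just took place.
                            Cipher authed = result.getCryptoObject().getCipher();
                            onPlaintext.accept(authed.doFinal(ciphertext)); // GCM tag checked here
                        } catch (Exception e) {
                            onPlaintext.failed(e); // tampered ciphertext or invalidated key
                        }
                    }
                });
        prompt.authenticate(info, new BiometricPrompt.CryptoObject(cipher));
    }

    /** Hypothetical callback for delivering the decrypted bytes to the caller. */
    interface SecretConsumer {
        void accept(byte[] plaintext);
        void failed(Exception e);
    }
}
```

The point a reviewer checks for is that nothing sensitive is reachable from `onAuthenticationSucceeded` other than through the cipher returned in the `AuthenticationResult`; if the app decrypts with a key it could have used without the prompt, the biometric step is decorative. Encryption of the secret for storage uses the same key with `Cipher.ENCRYPT_MODE` and the same prompt flow, and the IV must be stored alongside the ciphertext.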
Corporate Email Security Testing
During the phishing assessment, our team designed several phishing attack scenarios to evaluate employees' readiness to respond to potential threats. We applied a Grey Box approach: the client provided email addresses of employees, and we gathered additional information via open-source intelligence (OSINT).
It is important to note that no personal attacks were performed on employees via personal messengers, private emails, personal mobile phones, or social media. The phishing scenarios did not use information about employees' personal interests or hobbies.
Attacks targeted only work email addresses. Our goal was to assess staff vigilance, responsiveness to phishing attempts, and the effectiveness of organizational security measures.
Are you interested in learning more about this case or do you have similar security needs?
Our team of experts at ESKA conducted a comprehensive security assessment for a bank, uncovering significant issues and weaknesses within its systems. Identifying and resolving these vulnerabilities is vital to preventing data breaches and safeguarding sensitive information.