How a property services group ensured brand protection and security with Web App Penetration Testing
Propert Services Group
Case Study
The Requirement
The UK’s leading independent conveyancing and property services group had deployed some new website developments, so as part of the group’s regular penetration testing, it wanted to make sure that configuration of the server, application and connections remained secure.
To learn more, read the full case study.
“The DigitalXRAID team’s response times were great. Everything worked well and ran smoothly.
Compared with previous penetration testing providers, the reporting was much more thorough, with Board level summaries as well as detailed technical explanations of what had been discovered during the test – plus how to fix any issues.
I would be happy to recommend DigitalXRAID’s services.”
The conveyancing and property services group engaged DigitalXRAID to perform the Web Application Penetration Test to identify any security weaknesses and potential exploitable vulnerabilities.
DigitalXRAID used various tools and techniques as part of the penetration test, in line with industry best practice. Testing was performed using an advanced testing methodology, comprised of years of experience and aligned closely with Open Web Application Security Project (OWASP) and Open-Source Security Testing Methodology Manual (OSSTMM) and other industry standards.
The team conducted comprehensive tests which assessed the web app from an unauthenticated and authenticated perspective and determined whether the web app could be compromised.
As a high level overview, the testers looked at areas such as registration processes and role definition, and identity authentication and authorisation in order to attempt to bypass processes and workflows.
As part of the test, DigitalXRAID’s penetration testers also conducted checks to ensure that the application appropriately validated and sanitised all input from the user or environment, checking for common input validation vulnerabilities such as cross-site scripting, SQL injection, code injection, server-side attacks, and host header injection.
At the end of the testing period, DigitalXRAID supplied a comprehensive report, detailing the methodologies followed and highlighting and categorising any vulnerabilities found into low, medium, high and critical priorities. The report included a risk summary that explained how any vulnerabilities identified could be used by an attacker to affect the business.
To learn more about the full pen testing solution, read the full case study.
The Results
The conveyancing and property services group has been able to shore up security to ensure that there are no exploitable vulnerabilities in the web application. The group is confident that the web application is currently guarded against active threats from cyber criminals.
The conveyancing and property services group are now able to share the results of the web application penetration test with the Board, with information from the report which is structured for Board level conversations.
Penetration testing is a key part of the conveyancing and property services group’s cybersecurity strategy, so looking forward, further regular penetration testing will be conducted across various brands and infrastructure.
If you would like more information on our managed service for penetration testing, get in touch with our team of experts today.
Protect Your Business & Your Reputation.
With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.