ValueMentor was recently engaged for internal and external penetration testing at a very large oil sector company in Kuwait.
The engagement involved external penetration testing of the company's internet infrastructure, which includes multiple web servers, email servers, network devices, etc. One of the key application security assessments performed was on the Vendor Management system exposed to the public internet. The application acts as the primary interface between the vendors and the company.
We identified multiple vulnerabilities in the application that would otherwise have been used by attackers to break into the system and thereby into the network. We worked closely with the IT team and the external partners of the company to fix the vulnerabilities using a prioritised approach.
Internal network security assessments focused on testing the strength of the defence-in-depth architecture. We saw multiple areas of weakness that could allow an attacker to get to the core business systems if specific areas were broken.
The client implemented additional security controls to strengthen the network security architecture.
The total scope of the penetration testing included more than 200 publicly exposed systems, about 15 public applications and about 2000 internal IP addresses.