Project highlights
- Comprehensive security testing based on the OWASP and SANS approaches
- Proactive cybersecurity consulting and regular security audits
- Detailed report on all identified vulnerabilities and technical guidance on fixing them
- Industry:
- Retail, eCommerce
- Market:
- New York, USA
- Cooperation:
- 2019 – present
Business challenge
An innovative US-based company offering human resources software solutions for huge corporations worldwide had the ambitious aim to change customers’ perceptions of a team recognition and award program. The client’s holistic platform provides human resources (HR) specialists with a rewarding solution for offering personalized gifts to their team members.
As an enterprise platform, the solution needed to comply with security requirements to protect against potential corporate software threats. Moreover, neglecting cybersecurity challenges that modern retailers face can result in data breaches and, as a result, can have a devastating impact on a company’s reputation and assets.
Aiming to enhance the protection of their solution, our client sought out IT security consulting experts with a wide range of security consulting services. As we already had a successful working relationship with the client and delivered retail software services, we were interested in extending our cooperation and providing cybersecurity consulting services to their company. Our client decided to entrust one of our certified and highly skilled security specialists with the responsibility for identifying, prioritizing, and mitigating information security risks in their solution.
Security consulting services delivered
With the aim to ensure that end users’ data is effectively protected, our involvement in this project spanned a wide range of security consulting services from security testing to retail cybersecurity consulting, including security auditing and monitoring, proactive loss prevention, and provision of technical guidance on security issues to the client’s development team.
An Intellias Offensive Security Certified Professional (OSCP) executed the project in one month. To ensure that the client’s solution wasn’t vulnerable to any known type of cyberattack, our OSCP expert built the test process around the OWASP Web Security Testing Guide and SANS approaches. The testing we conducted included the following techniques:
- Manual validation and verification
- Threat modeling
- Code review
- Penetration testing
Our OSCP-certified expert’s thorough analysis and comprehensive testing of the corporate gift-giving solution resulted in a detailed report on all identified vulnerabilities. The report, which divided these vulnerabilities according to the standard impact-based approach (informational, low, medium, high, and critical), included a fair number of critical issues that required prompt action from the client’s development team. We supplemented this report with a detailed description of each security gap, provided technical guidance on fixing those gaps, and suggested improvements to the platform’s security and countermeasures against cyberattacks.
We also issued a certificate testifying to the solution’s compliance with the highest security standards so the client can provide proof of the solution’s security to their customers.
Business outcome
Cooperating with Intellias on cybersecurity consulting and penetration testing was informative for our client, nurturing a culture of information security awareness at their company. After we successfully delivered security consulting services, our client contracted with us for a yearly security audit of their solution and cybersecurity consulting. Intellias has also committed to providing guidance and support to the client’s development team to ensure rapid and correct elimination of all system vulnerabilities.
Our expert’s examination of security weaknesses in the client’s solution resulted in a series of improvements to the platform’s security and performance. Among the greatest benefits our client received from our cooperation are the following:
- A boost to the company’s reputation
We provided our client with valuable security consulting services that protect their brand’s reputation and guarantee the security of their customers’ sensitive information. - Business development
Establishing the highest security standards and performing regular solution audits opened opportunities for our client to collaborate with huge corporations. - Cost savings
Thanks to our cybersecurity consulting and work, our client saved considerable costs and avoided penalties from customers due to non-compliance with security policies and leaks of sensitive information. In addition, conducting penetration testing before an update is released is much simpler, faster, and, as a result, cheaper than conducting such testing when a solution is in production.