Firesand has saved a firm millions in potential fines following a test that identified a critical vulnerability.
The penetration test uncovered a vulnerability that led to direct access to the client’s system and to its customers’ details. This included personal information, such as names and addresses, as well as medical information.
The information obtained was enough to identify individuals and could potentially have been used to blackmail them.
Firesand was able to bypass the access control and extract information about all users from an API. The component that was meant to control access to the API had been badly built and allowed the information to be acquired.
This example highlights the importance of properly securing the API and ensuring the access control is not based on something that can be easily manipulated.
Chris Blake, Director, and Principal Data Protection & Privacy Consultant, said: “We worked with the client to fix the issue and ensured it is no longer a problem. Our test saved this business millions in potential fines as no customer data was breached. If personal data had been accessed the firm would have likely received a substantial fine.
“The exercise revealed the importance of ensuring that websites and platforms are regularly monitored for potential threats. Any small update can cause problems. You can’t build something and forget about it. You need a team to undertake a regular and robust testing programme.”
Firesand services include identifying opportunities for security improvements within your business. We do this via audits, penetration testing, and vulnerability scanning.