The client: one of the biggest blogging platforms in Poland.
Our goal: to ensure the platform’s security by conducting a full security audit of the server infrastructure.
What we did:
in order to get the job done, we had to act as someone who would
like to attack our client and break into their portal. We were given no details
except the address of the site. We engaged 4 of our application security and OS
specialists. The first thing we did was to gather as many details about the portal as
possible, but to do that we first had to discover weaknesses in its security.
How we did it:
1) We gathered as much intel on the portal as possible (thanks to that we
knew what the server infrastructure looked like)
2) We conducted a penetration test of the web app (the portal itself)
3) We conducted a penetration test of the server infrastructure
4) We provided the client with a full report on the weaknesses we identified
5) We suggested means to eliminate these weaknesses and improve the overall
security of the platform
What the report contained:
it showed all the vulnerabilities we found during the
What we found:
13 critical vulnerabilities, of which 8 allowed us to change the
content of the portal and access the client database. The other 5 concerned the incorrect
configuration of the client’s servers.
What the client gained:
we eliminated a total of 56 weaknesses in their security.
Had the client not used our service, they would probably have lost users at
some point due to an attacker taking over the portal and acquiring their data.
What we gained:
we gained another happy client and the satisfaction of a job well
done. Since we always learn something while conducting audits, we also raised our
own qualifications.