Completed projects in IT security
To give you an idea of our work, we have listed some of the most exciting projects here. We are now active in various industries and areas and have a broad wealth of experience. We also ask for your understanding that we cannot mention the names of our customers. However, we are happy to provide contacts!
Pentest in the Field of Robot-Assisted Process Automation
We tested an RPA software for a customer originating from Germany but now operating globally. The software is a complex platform based on ASP.Net, consisting of multiple sub-platforms that can be distributed individually or as a package. The complexity of the software and the multitude of possible configurations made the test a particular challenge. During two penetration tests, several vulnerabilities - including 2 critical ones - were found and resolved.
Throughout the penetration test (which was conducted on a demo environment), we communicated important findings directly with the technical teams via the "short" route through Slack, so that the production systems could be protected in parallel.
Pentest of a Financial Portal
For a German mid-sized company, we conduct an annual penetration test of a SaaS platform. The platform is based on Java and is used by several thousand customers. Here too, the actual penetration test always takes place on a test environment, so that DSecured never comes into contact with real customer data. During the first penetration test, several severe vulnerabilities were identified. Over the course of our cooperation, we were able to significantly reduce the number of vulnerabilities. Meanwhile, the company pursues an "on-demand" approach and uses our Pentest as a Service offering.
A small shop system (WordPress WooCommerce) is connected to the platform itself, located on a separate server and also tested by us. The test was conducted as a whitebox test. The SaaS platform was initially a blackbox test and evolved into a greybox test over the years.
Monitoring the Perimeter of a German Automotive Group
A German car manufacturer commissioned us to analyze the state of the external attack surface using Argos. Within a period of a few days, hundreds of vulnerabilities, misconfigurations, and obvious security gaps were found in hundreds of domains and thousands of subdomains. The focus was on severe and critical security vulnerabilities. The company particularly wanted to know about the state of Shadow IT. DSecured received no further information - apart from the company name - and had to proceed like a real attacker.
Argos external attack surface management plays a special role in this type of deployment, as it can provide the relevant data within a few hours. It then monitors the entire perimeter - the company quickly realized how important continuous monitoring is.
Red Teaming for an Airline in the Middle East
This was probably one of the most exciting projects. For a major customer from the Middle East, we planned and executed a Red Teaming engagement. A team of 6 people was deployed. The focus was on externally accessible systems. In consultation with the customer, we were supposed to attempt to access the internal network. The customer wanted to know whether it was possible to access the internal network from the outside and whether it was possible to access critical systems from there.
It turned out that this wasn't necessary in the first step - despite existing security measures, we were able to find critical security vulnerabilities that allowed us to steal and modify flight passenger data. Access to the AD was possible through a compiled program that Argos eASM found. In some cases, we were able to access flight communication systems - fortunately only with read access. The customer has significantly increased investments in IT security!
Pentest as a Service for a Large Publishing House
As part of a long-term collaboration, we were able to conduct penetration tests against the systems of a large publishing house over several months. The publisher opted for our Pentest as a Service offering, as it was important for the company that tests could be conducted regularly and without great effort. With the help of Argos, we were able to quickly identify changes to the publisher's systems and respond accordingly.
With each significant change to a system (API, website, IP, ...), we briefly sat down as a team and attempted (often successfully) to find a vulnerability. This demonstrated how quickly attackers can react and how insidiously even small vulnerabilities can be exploited. Through the collaboration with DSecured, the publisher has significantly improved its IT security and recognized that annual penetration tests are no longer contemporary and can convey a false sense of security. Particularly rewarding was the collaboration with the management level, who were aware that IT security is a process and that the goal is to reduce risks.
We Can Also Help You Improve Your IT Security
As you can see, we have already worked successfully for many clients from various industries and regions. We would be pleased to help you improve your IT security as well.