Case Study

Security First Penetration Testing

Custom-built SaaS organisation chooses bespoke security-first Penetration Testing service from CybaVerse. 


The Client

OnlineDIRECT

In 2003, OnlineDIRECT became the UK's first business energy aggregator, a platform that has enabled them to provide market access and support to thousands of brokers.

Today, they go well beyond simple aggregation by providing market-leading training, support and technology services to brokers and TPIs. OnlineDIRECT have access to an array of data, so it was crucial for them to ensure their applications were secure.

 

The Requirements

OnlineDIRECT were looking to engage with a cyber security partner to conduct a comprehensive security review of their web application service offering. They had already received a tender from another large cyber security vendor, with an approximate timeframe of 5 days to complete the engagement. They were then recommended CybaVerse by a colleague, and they reached out to ask for a quotation.

To provide an accurate quotation, credentials were obtained and CybaVerse assigned a tester to comprehensively explore the application and understand the effort involved in meeting the client's requirements. This enabled a quotation to be provided which was a true and accurate reflection of the client's needs. A tender was then submitted with a quotation and a timeframe of 25 days to complete testing.

Working Together

Services Needed

After working through the requirements and conducting the initial investigation, it was determined that the scope of work would include a comprehensive web application assessment aligned with the OWASP Top Ten as a minimum, an internal penetration test covering the network and Active Directory, and an external penetration test.

Due to the depth of the assessment, which included extensive manual testing rather than relying solely on automated scanning tools, CybaVerse proposed a timeframe that was five times greater than other quotations the client had received.

Despite this, CybaVerse was successful in the tender process, with the work scheduled to be delivered within an agreed timeframe. 

 

Full OWASP Web Application Assessment

External Penetration Test on the external network infrastructure

Internal Penetration Test of Network & Active Directory

 

Report and Remediation

Project Progress

From scope to project completion, CybaVerse's technical experts stay in constant contact with clients, keeping them up to date with testing progress and reporting critical findings.

CybaVerse was granted access to the backend of the client's systems, which enabled the team to confirm findings and provide a more detailed analysis of the vulnerabilities.

The final report always includes technical findings detailing how the vulnerabilities were found, so that the client can recreate the proof of concept and follow the remediation guidance.

Post engagement, CybaVerse worked with the client to provide expert advice and consultancy on hardening measures.

 

Ready To Command Your Mission?

Our work with OnlineDIRECT shows what is possible when cyber security is approached with clarity, structure and the right support.

Whether you are strengthening your security posture, working towards certification or responding to a recent incident, our team is here to help.
