Skip to content

Case Study

Penetration Testing for The Education Section

Security review to ensure personal information is protected in web application & to upskill internal team

case study images (1)
case study images

The Client

YMCA George Williams College

YMCA George Williams College were looking to engage with a Cyber Security partner to conduct a comprehensive security review of their web application service offering and provide a development day to upskill internal staff.

They needed to ensure the security of the personal information held on their web application and ensure their compliance with industry regulations.

Scoping & Pre-Testing

To accurately provide a quotation, a scoping call took place with one of CybaVerse's Account Managers and an experienced Penetration Tester. This enabled CybaVerse to comprehensively understand the needs of the business and the web application. This allowed for an accurate and bespoke proposal to be drawn up that met YMCA George Williams College's exact requirements.

After working through the competitive quotes, the client chose CybaVerse because of the range of services available and the option to have a retest and feedback following the initial test. This would help the business continue their strategy of building secure ecosystems of data with their partners.

It was assessed that YMCA George Williams College required a Web Application Penetration Test and 'discovery day' which allowed CybaVerse to fully explain test findings and support with remediation.

 

Timely Collaboration

Scoping & Pre Testing

To accurately provide a quotation, a scoping call took place with one of CybaVerse's Account Managers and an experienced Penetration Tester. This enabled CybaVerse to comprehensively understand the needs of the business and the web application. This allowed for an accurate and bespoke proposal to be drawn up that met YMCA George Williams College's exact requirements.
 
After working through the competitive quotes, the client chose CybaVerse because of the range of services available and the option to have a retest and feedback following the initial test. This would help the business continue their strategy of building secure ecosystems of data with their partners.
 
It was assessed that YMCA George Williams College required a Web Application Penetration Test and 'discovery day' which allowed CybaVerse to fully explain test findings and support with remediation.

Timely Collaboration

Testing

CybaVerse use extensive experience alongside industry guidelines such as the OWASP Top Ten to conduct the assessment of the web applications. Our tester first scopes the web applications by crawling the site and finding all pages and any search functions. This will build a picture of possible attack vectors.

Our consultants will always cover the OWASP Top-10 vulnerabilities that commonly affect web applications:

 

  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery (SSRF)
  • Broken Access Control
  • Cryptographic Failures
  • Security Misconfiguration
  • Insecure Design
  • Injection

 

Sensitive Data Handled

Discovery Day

Web App Testing

Report & Support

Project Outcome

Throughout the engagement, the YMCA George Williams College was kept continuously updated with progress for any high or critical findings, allowing the client the opportunity to begin remediating and working with CybaVerse to fix any immediate issues.

CybaVerse always present a clear, detailed, easy-to-read report making it easy for management to understand the risks the business faces. The report includes technical findings, detailing how the vulnerabilities were found to allow the client to recreate the proof of concept and follow remediation guidance.

In this instance, CybaVerse worked alongside the client, working through each finding and offering support and ensuring the swift remediation of any vulnerabilities.

Ready To Command Your Mission?

Our work with SIA shows what is possible when cyber security is approached with clarity, structure and the right support.

Whether you are strengthening your security posture, working towards certification or responding to a recent incident, our team is here to help.

Fill out the form and a member of our team will be in touch to discuss your requirements.
sse
orbus
thinkmoney
knowledgeacademy
onlinedirect
janes
mammoet
millbrook
pickfords-1
dwf
unipart
sportradar