A company with core business of real estate, construction, tourism, mining and financial investment which head quarter is located in Hong Kong with multiple sites in Mainland China

Size
500+ Employees

Service
Vulnerability Assessment and Penetration Test

Challenge
Organization is getting more concerns in information security as there is a significant increase in cyber security attack nowadays. However, limited review and regular technical assessment in this organization causes the system and network vulnerabilities have been accumulated throughout the years. Given with this scenario and the scale of the technical assessment which has to be conducted across different sites, our technical specialist and pentesters have to put extra effort in evaluating the security and risk level in order to define the baseline security level and controls that are being implemented in the organization. Furthermore, it is also critical to provide practical recommendation as to resolve the issues identified in this technical assessment. 

Solution
Our certified OSCP, OSWP and GPEN conducted network and web application penetration test to simulate hacker’s activities as to prevent external attack. Internal vulnerabilities assessment is also performed to discover the unmanaged asset. Identify the vulnerabilities with technical tools and manual validation with risk level provided.
 
Result
Our security specialists have issued a penetration test and vulnerabilities assessment report on the security findings with different level of severity. Critical vulnerabilities and system deficiencies are identified such as SQL injection, missing security patches and remote code execution are identified through exploitation and privilege escalation that are putting company asset at risk. Technical recommendations and advisories are provided according to the existing industrial standard. Latest security protection methods and tools were also suggested for future improvement.

The technical assessment report including:
 •    Prioritized list of vulnerabilities
 •    Specific information about the vulnerabilities exploited
 •    The risk level of the vulnerabilities
 •    The description and evidence of the vulnerabilities
 •    Potential impact
 •    Technical recommendations

Follow-up
After our assessment and in-depth analysis of the security testing, Ringus has provided a detailed report documenting each security issue with a set of security recommendations (methods and tools) and corrective action plans. Findings walkthrough session is also conducted to ensure our client understand the issues and able to implement those plans accordingly. Ringus has also provided follow-up services for the remediation works to verify that the remedial activities had been successful.
 
Benefit
Our recommendations have provided our client with an up-to-date defense against known vulnerabilities and global hackers, allowing our client to estimate and justify the cost of equipments whenever appropriate in scaling up its security level, providing a continual improvement model. With our comprehensive report, professional recommendations and direct assistance, our client was able to get a realistic idea on the existing security level of their setup. Our work helped the client avert a potential reputational crisis and allowed the company to operate their systems in a confident and secure way.