Client

A leading telecom company constantly working to introduce newer technologies and constantly working to meet with the growing demands for telecom services.

Challenges

Client has more than 5 million subscribers and almost 2,000 employees with large database holding sensitive data. They wanted our team to protect all the assets from unauthorized access, for this they wanted us to evaluate the security level of the information system by identifying possible vulnerabilities and support their development teams to eliminate any revealed security issues.

What We Did

Our penetration testers revealed a number of vulnerabilities with different levels of risk, besides technical issues we also helped them to evaluate and find an attack. As a result of doing this penetration testing they were able to take prompt security testing measures and eliminate possible negative impact.

Detailed analysis helped us to improve the process of the application. After detailed discussion about their public services, software versions and potential vulnerabilities we provided them the scope for testing all the selected elements of the customer’s network.

Following are the major vulnerabilities we detected

• The possibility to gain control over several network devices using a special control protocol
• Access to the systems using the default admin account
• Listed SQL Injection susceptibilities
• Possibility to get the administrative privileges and reading the database with sensitive data
• Systems susceptible to automated brute force
• Systems susceptible to Denial-of-service attacks
• Other less risky issues such as social engineering attacks, spoofing, cross-site scripting, etc.

Technologies Used

• Web Vulnerability Scanner
• Burp Suite
• Metasploit
• Nmap
• SQLMap

Results

• We prepared a technical description of the detected system vulnerabilities with their classification according to how harmful for the system and business they potentially are.
• Actionable recommendations to eliminate the revealed security issues, as well as strategic security measures to secure the company’s resources in the long run.

Our Security Testing Services, enabled the client to get insights into potential security weaknesses present in their environment, eliminate many security risk and make necessary modifications as threats evolve.

Reach out to us and know more about our approach to protect your resources.

Client

The client is an US based provider of automation and systems integration services

Challenges

The client had several of its engineers working onsite at different locations. It wanted an application that would allow its engineers to share data (drawings, files etc.,) among themselves and also with their customers.

What We Did

ANGLER developed a web-based application as a solution to the client’s requirement. The application allowed sharing of files between customers and engineers working on the same project. The application had features like file sharing, project creation and privileged-based access to executives & customers. The application was designed to handle files with large sizes.

Testing Technologies

Results

The solution allowed the client to

• Reduce communication costs
• Securely transfer data
• Work more closely with clients
• Transfer large files across geographical boundaries

The solution additionally allowed the client to build better relations with its team of engineers and most importantly its clients.

Client

The client is powering the hottest Ruby-on-Rails web applications. From CISCO to ESPN to Live Nation, they are bringing Ruby-on-Rails to business-critical applications. The company has one of the largest and most experienced Ruby on Rails teams tuned in to the latest web technologies and aesthetics, with a broad palette of agile practices to help client projects succeed. They are headquartered is in Santa Barbara, California and also have international offices in London, England, Dublin and Ireland.

Challenges

The client is bringing Ruby-on-Rails solutions, interactive innovation and mobile technology to critical business applications. The process involved manual testing of web application and sending the bug report to the development team on a daily basis.

What We Did

ANGLER studied the clients business process and their requirements clearly about the web application functionalities through the exploratory testing and checking with wire-frame modules and checklist documents, prepared the test cases based on the functionalities and stored in Google docs. The client and ANGLER both of them have access to check the document & update it. Main purpose of testing the application is that it should work on cross platform with multiple browser compatibility. The bugs were updated daily and also have the discussion with client about the product through the Skype (or) Tele-call. ANGLER reported the consolidated status of the testing and logged the bugs in Bug Tracking Tool for future reference.

Testing Technologies

Results

Since the process of development were implemented parallely (Test-Driven Development), the bugs were immediately reported to the development team for corrective action thereby the saving precious time. If we need any clarification about the project, we will have a chat with client through Skype and the client can make sure, whether the project meets their requirement and testing has been done properly. Besides, the client can have the clear view of the each module and the release.