Challenges  The client wanted independent assurance that the public-facing web applications used by customers and brokers could not be leveraged by an external attacker to obtain personal data, manipulate session...

Challenges  The client’s primary concern was the resilience of its consumer-facing life insurance applications against external attack, while preserving uninterrupted access for live customers. Testing was carried out in a...

A mid-sized organization in the pension sector based in the United Kingdom asked CyberGlobal to perform a web application security assessment of an important customer-facing platform. The platform is…...

Challenges The assessment showed that the application did not fully control who could view or change certain information.    Here are a few important issues the team discovered:  All these issues reduced trust in the platform’s...

Challenges  Through this assessment, CyberGlobal’s team discovered that the company had a large number of highly privileged accounts with broad control over important systems.   When so much power is spread across many accounts, the risk of...

Challenges  During the assessment, the team discovered a few serious security issues that could put the company’s systems and customer data at risk, namely:  These findings showed that the client needed...

Challenges  The assessment showed that some of the application’s security controls were more open than they should have been. For instance, the system trusted external websites and online sources too easily. This created a risk...

Challenges  The cybersecurity assessment uncovered a major issue, namely that a settings area on the company’s POS devices could be accessed without proper permission.   This meant that anyone who could physically reach a...

Challenges  The assessment discovered that the biggest risk was how the organization managed digital identities and internal trust. A misconfiguration in the system that issues digital certificates could have allowed an attacker to gain...

Challenges  The main issue the team discovered was incomplete control over which devices and applications could access corporate resources. In particular, the lack of restrictions meant that devices that didn’t meet internal security expectations could still connect.   Related issues showed...