Providing a water company with comprehensive recommendations for strengthening security

Our client, a major player in the UK water industry, asked us to perform an overall security review of its external network infrastructure and its remote working (Citrix )environment to identify any areas of concern. As part of the review, we were asked to perform an assessment of the Toughbooks used by employees working in the field.

We undertook a website application security test of both the internally and externally accessible assets, covering all the web applications, as well as performing an external infrastructure assessment for all the hosts. We also undertook a Citrix breakout assessment to test the security of the login portal and establish whether security controls effectively prevented Citrix users from executing operating system commands, escalating privileges or gaining access to sensitive company information. Our testing concluded with VPN testing to check the configuration of a Juniper SSG device, and a review of the Cisco firewall to identify any weakly configured rules, objects or configuration weaknesses, such as admin controls and exposed management services.

We provided our client with a comprehensive report of our findings, including detailed recommendations to help them fix the security issues quickly and efficiently. Our work gave the company a clear understanding of the security gaps in its infrastructure, and a plan for improving security and raising security awareness across the company’s technical team.

If you require a website security test for your business, contact one of our penetration testing experts today or read more about our technical cyber security services.

If you would like to develop your own knowledge and skills in the latest website application testing techniques, then find out about our range ​of expert-led ethical hacking training courses.