Tightening cyber security around commercially sensitive data created with a COTS application

Digital technology has transformed the way that marketing is managed, with web analytics giving companies an extraordinary degree of insight into the impact that marketing campaigns have on their brands. This is highly sensitive commercial data that needs to be secured on all fronts, including against internal risks.

Our client, a major player in the marketing industry, wanted to be confident that the sensitive data on campaigns it created using a COTS application was not at risk of being stolen or compromised by low-privileged, non-technical users or a disgruntled employee.

We carried out in-depth penetration testing on our client’s framework, probing it from several security perspectives (as unauthenticated and as authenticated end-users). We found several areas that fell short of industry-standard cyber security best practice and needed to be addressed immediately. In particular, the application lacked input validation checks, which leads to flaws such as cross-site scripting that could allow an attacker to bypass security controls. We also found that one feature of the application was susceptible to an arbitrary file download flaw, which would allow an unauthorised user to download any file from the server.
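The arbitrary file download finding above is typically fixed by resolving the requested name against a fixed download directory and refusing anything that lands outside it. The following is an added illustration of that check, not code from the client's application; the directory layout, file names and `resolve_download` function are constructed for the example.

```python
"""Hardened download-path resolution (added example, not the client's code).
The requested name is joined to a fixed base directory and fully resolved
before a containment check, so '..' segments, absolute paths and symlinks
that point outside the directory are all rejected by the same test."""
import os
import tempfile
from pathlib import Path


class DownloadRejected(Exception):
    """Raised when a request would escape the allowed download directory."""


def resolve_download(base_dir: str, requested: str) -> Path:
    """Map a user-supplied file name onto a regular file inside base_dir."""
    if not requested or "\0" in requested:
        raise DownloadRejected("invalid file name")
    base = Path(base_dir).resolve()
    # Path('/x') / '/etc/passwd' yields '/etc/passwd': absolute input replaces
    # the base, which is exactly why the check must run on the resolved path.
    candidate = (base / requested).resolve()
    if base not in candidate.parents:
        raise DownloadRejected(f"path escapes download directory: {requested!r}")
    if not candidate.is_file():
        raise DownloadRejected(f"not a regular file: {requested!r}")
    return candidate


def demo() -> dict:
    """Exercise the check against constructed inputs in a temporary tree."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "downloads"
        downloads.mkdir()
        (downloads / "report.csv").write_text("campaign,clicks\nspring,120\n")
        secret = Path(tmp) / "secret.txt"          # constructed file outside downloads/
        secret.write_text("constructed-secret")
        os.symlink(secret, downloads / "link.txt")  # symlink pointing outside
        results = {}
        for name in ["report.csv", "../secret.txt", "/etc/passwd", "link.txt", ""]:
            try:
                resolve_download(str(downloads), name)
                results[name] = "served"
            except DownloadRejected:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:18} -> {outcome}")
```

Only `report.csv` is served; the traversal, absolute-path and symlink requests are all rejected by the single containment test on the resolved path.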

Our report included precise recommendations for each high-, medium- and low-risk issue we had identified. As a result, our client now has a detailed understanding of the gaps in its framework and the knowledge required to increase security levels to safeguard sensitive data from internal attack.

