Overview
Our client is an interdisciplinary construction firm in India that offers a broad range of construction and related facilities for manufacturing, organizational, government, government housing, and domestic developments.
Their facilities span the entire building value stream, from conception and planning to development and post-construction events.
Furthermore, the client has lately industriously expanded its geographical reach into other states and evolved its customer service.
Client Requirement & Case Challenges:
- The client was keenly searching for a web application VAPT audit and IT network & Infrastructure VAPT Audit service provider.
- For Network VAPT, the client required us to analyze and evaluate all the network components from the server, switches, router, printer, firewall, laptop, and desktop access point to all additional network parts.
- The client was looking for Industry standard reports & quality work.
- They were looking for standard service provider which follows OWSAP standard procedure.
- Along with this, the client also required a 1 month Free CSOC Demo.
- Since the client is a large corporation with extensive IT and network equipment, completing the tasks was bulky and took a little longer.
- Despite ofbeing large enterprise, Client have not deployed Active Directories in their Network Infrastructure.
How ECS Provided Solution?
- We created a clear scope of work and SOP for our client to help them set a clear goal.
- Process Requirements for Vulnerability Assessment & Management SOP of the client was :
- Soon after that, signed NDAand thereafter we fixed a quick kick-off meeting
- Wediscovered several vulnerabilities as their project first began. To maintain our client’s integrity we were constantly directing them based on the results that were evaluated.
- ECS performed a VAPT audit of the web application and IT Infrastructure & network in conformance with the latest industry standards to investigate and find all possible
- For Web App VAPT, ECS found several vulnerabilities by following OWSAP guideline:
- -SQL Injection
- -Broken Authentication and Session Management
- -Cross-Site Scripting (XSS)
- For Network VAPT ECS found several vulnerabilities by following OWSAP guideline:
- NFS Exported Share Information
- Disclosure rexecd Service Detection
- Flexera FlexNet Publisher Multiple Vulnerabilities
- QNAP QTS / QuTS Hero DEADBOLT Ransomware
- VNC Server Unauthenticated Access
- Owing to the client’s extensive IT and network infrastructure we took our time to study and deliver in-depth mitigation reports to our client. The report would guide them on how to avoid evaluated vulnerabilities hereafter.
- Our team adhered to all the Top 10 OWASP standards for helping our clients get the most efficient VAPT audit experience.
Results
- We delivered constant support to our clients by providing daily reports of all activities undertaken to perform VAPT.
- After the project was completed, we proposed what ought to be done and what must be incorporated to mitigate
- We discovered the possible loopholes in the system and curated a mitigation report for our client in order to keep them at bay.
- The client was absolutely delighted with the ECS team’s 24-hour customer care assistance.
- The client was always in contact with our Technical Expert to get the status updates of the situation of their VAPT audit.
- All the critical vulnerabilities were evaluated and configured for the client’s convenience.
- ECS offered 1 month Free CSOC Demo as per client’s requirement.
- As a result of all the active measures take by our team, client’s security posture were improved
Conclusion
At ECS, we believe in going several extra mile to deliver our clients with extraordinary and efficient VAPT and related services. We have a legacy of providing constant support, regular updates, in-depth reports, and so on to serve our clients a little better every time they trust us.
As a leading vapt audit service provider in india, we have a history of successful clientele. With growing awareness of cyber breaches and the growing technology tide, VAPT certification in India is constantly becoming more logical to prevent security attacks. We will continue to astound our clients with the best VAPT audit services around the clock.