Case Study - Banking web application portal

We cater to a wide variety of customers, typically for their network assessment and website pen-testing needs. Besides these, we cover multiple offerings in the cyber security domain for almost all industry sectors. Below are a few, categorized by industry sector, which you can refer to.

Case Study - Banking web application VAPT

Task Title

Penetration testing of a banking web application portal

Industry Vertical

Finance (Banking)

Industry Vertical

Co-operative bank
Online customer base > 10000
Famous and wealthy bank in India's co-operative banking regime

Location

Mumbai (India)

Time to solution

1 Month

Business situation

The co-operative private bank provides e-banking and e-commerce facilities to multiple end customers and to multiple banking and payment gateway industries all over the country. A web-based e-banking portal is deployed and heavily used, with 24x7x365 availability. Customers perform transactions such as account checking, money transfer, e-bill payment and mobile payment. The bank wanted to perform a web penetration test, a patch deployment test, and a few other tests enforced as a prerequisite by RBI (Reserve Bank of India).

The bank also wanted to perform black hat and gray hat testing to protect against external and internal attacks. Valency Networks was approached to suggest the right strategy to address these concerns, perform the tests and produce results.

Solution

  • Valency Networks had a kickoff meeting with the firm’s senior management and a series of meetings with IT management and technology staff to understand the web portal design.
  • It was suggested that the network components protecting the web infrastructure should also be pentested. The components were a router, a firewall, an intrusion detection system and L3 switches.
  • A series of non-intrusive tests were performed to gather information and perform technical reconnaissance.
  • Based on the information gathered, appropriate tools were selected and a series of deep-dive tests were performed on the network and web infrastructure. Logs were captured.
  • A separate set of scanning and penetration tests were performed targeting the network components mentioned above.
  • Tests for specific critical web vulnerabilities such as Code Red, SQL injection, XSS attack, AJAX attack etc. were performed too.
  • Finally, two intrusive attacks were performed during off-business hours. Those were “Password brute-force attack” and “Denial of Service attack”.
  • Elaborate log processing was performed, and a report was created with all severity 1, 2 and 3 vulnerabilities and the corresponding suggestions to fix them.
  • Bank management was informed about maintaining the confidentiality of the report.
  • A tactical and strategic patch deployment schedule was provided, to segregate “Must patch immediately” and “Should patch eventually” lists of missing patches.
  • The report was signed off by the bank’s IT management.

Benefits

  • The bank’s web portal infrastructure was thoroughly tested, which helped the bank’s management gain confidence to advertise the portal further to multiple customers.
  • As an outcome of the penetration test, the bank’s money transaction process was revamped to strengthen audit trails and security. A new firewall was deployed to shut out the denial of service attack at the doorstep.
  • A professional pen-test report helped the bank create IT audit policies and standard operating procedures.
  • This further led to getting RBI approval for increased business.
