November 29, 2024

Web App Penetration Test for Edutech Startup

Client

SelfLeaders is one of Keenethics’ clients, a Swedish company specializing in personal development and corporate culture transformation. Since 2009, they have been offering educational modules, tools, training events, and workshops aimed at fostering personal growth and professional development in self-leadership. Their clientele includes businesses of all sizes, NGOs, and public sector organizations.

Challenge

As SelfLeaders expanded their services, they developed a corporate training and education platform used by numerous large companies and enterprises. They needed to ensure that this platform was secure and free from severe vulnerabilities that could compromise sensitive data or disrupt services. Their primary goals were to:

  • Evaluate the current state of security of their platform.
  • Identify and remediate any critical vulnerabilities.
  • Enhance the security expertise of their development team.

Solution

Iterasec provided comprehensive cybersecurity services to address SelfLeaders’ needs:

  • Penetration Testing: Conducted an in-depth application-level penetration test following the OWASP methodology to uncover potential security issues.
  • Vulnerability Assessment: Identified several vulnerabilities that could have led to data leakage and denial-of-service attacks, including:
    • Compromise of the company’s SMTP server.
    • Multiple instances of broken access control.
    • Denial-of-service risks.
    • Multiple GraphQL vulnerabilities.
  • Reporting and Recommendations: Compiled a detailed penetration testing report summarizing all findings and provided actionable recommendations for remediation.
  • Remediation Support: Collaborated with SelfLeaders’ development team to fix the identified security issues and ensured that the fixes were correctly implemented.

Outcome

  • Enhanced Security: Successfully identified and patched 1 critical, 2 high-severity, and several lower-severity vulnerabilities.
  • Secure Platform Release: Released a new, more secure version of the platform, reducing the risk of data breaches and service disruptions.
  • Empowered Team: The development team gained valuable security experience and improved their ability to incorporate security best practices into future projects.
  • Increased Client Trust: Strengthened the platform’s security posture, thereby enhancing trust with existing clients and appealing to potential new customers concerned about security.

Conclusion

Iterasec’s partnership with SelfLeaders significantly enhanced the security of their corporate training platform. By identifying and addressing critical vulnerabilities and empowering the development team with essential security skills, SelfLeaders can now confidently provide secure and reliable services to their clients. This collaboration allowed them to focus on their core mission of fostering personal and organizational growth while ensuring robust cybersecurity measures are in place.


