{"id":3275,"date":"2020-08-13T13:33:09","date_gmt":"2020-08-13T13:33:09","guid":{"rendered":"https:\/\/www.varutra.com\/?page_id=3275"},"modified":"2022-09-14T13:17:08","modified_gmt":"2022-09-14T07:47:08","slug":"security-assessment-case-study","status":"publish","type":"page","link":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/","title":{"rendered":"Security Assessment Case study"},"content":{"rendered":"<p>\r\n<section class=\"sh-section sh-section-6a9cf0825606bb954dc527ada0980582 fw-main-row sh-section-visibility-everywhere\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container-fluid\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-722321dfc395ed77421d301a4a91ae82 fw-col-xs-12 padding-custom0\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div class=\"sh-revslider\" id=\"revslider-ae9d41c48f73debb57639485e01fdb0e\">\r\n\t<\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n\r\n<section class=\"sh-section sh-section-2c14e8aebb986ae66edc7c5509b1b033 fw-main-row col-reverse sh-section-visibility-everywhere\" id=\"about-us-slide-up-2\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container section-justify-height section-justify-height-only\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-6ff9d57b0403602ede3d23c4acaa96ff fw-col-xs-12 fw-col-sm-9 sh-animated fadeInUp\" data-wow-duration=\"1s\"data-wow-delay=\"0.2s\">\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-5272cf0576f85a383fd4d7953301fd32\" class=\"sh-text-block\">\r\n\t<div class=\"varutra-advantage-sec\"><h3 class=\"text-center\">Security Assessment Case Study<\/h3><\/div><\/div>\r\n\r\n<div id=\"text-block-371094b6ef192dcebb43b81628cb02ff\" class=\"sh-text-block\">\r\n\t<div class=\"abt-section-content\"><h3 class=\"margin-b-10\">About Our Client<\/h3><p class=\"abt-content dark-font\">The client is a major non-banking finance company (NBFC). The Company is engaged in lending and allied activities. It focuses on consumer lending, small and medium-sized enterprises (SME) lending, commercial lending, rural lending, fixed deposits and value-added services. Its consumer lending products include two-wheelers and three-wheelers finance, consumer durables finance, digital products finance, retailer finance, salaried personal loans, e-commerce consumer finance, e-commerce seller finance and home loan.<\/p><h3 class=\"margin-b-10\">Objective<\/h3><p class=\"abt-content dark-font\">The client sought Varutra for advice on securing their entire Network Infrastructure from security threats which can lead to loss in Confidentiality, Integrity and Availability (CIA) of the data. Client wanted to ensure that their Infrastructure meets all the security standards.<\/p><h3 class=\"margin-b-10\">The Challenge<\/h3><p class=\"abt-content dark-font\">Client\u2019s major business goal was to provide their customers with secure platform to manage their financial transactions. It was imperative for the Client to ensure that their application was not susceptible to technical or design flaws while providing a smooth banking experience to its customers. Hence, Varutra team to be more cautious while conducting the security assessment which won\u2019t disrupt availability of the application.<\/p><p class=\"abt-content dark-font\">Major concern was to secure the customer\u2019s sensitive data, client being from financial background has developed applications considering all secure configurations like SSL Pinning and root detection implemented.<\/p><\/div><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n\r\n<div class=\"sh-column sh-column-9e88f1809071acd6ea78f6c3f48a7e14 fw-col-xs-12 fw-col-sm-3 sh-animated fadeInUp\" data-wow-duration=\"1s\"data-wow-delay=\"0.2s\">\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-687234eaac090c82f632bf18c6a9ecd2\" class=\"sh-text-block\">\r\n\t<div class=\"abt-section-content\"><h3 class=\"text-white\">Security Standards Followed at Varutra<\/h3><\/div><\/div>\r\n\r\n<div id=\"text-block-27ea5fc9da4df4ceec7f744d9cda3cc0\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content text-white\">Varutra\u2019s security assessment methodology is in accordance with best standards and follows guidelines from <strong>OSSTMM, OSINT, NIST, ISSAF, CIS and OWASP <\/strong> for web and mobile and <strong>SANS <\/strong>for Network Penetration Testing. Varutra follows <strong>Application Security Verification Standard (ASVS)<\/strong> which helps developers with the requirement for secure development.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n\r\n<section class=\"sh-section sh-section-6a7f83190230cdb9f91b6952dc09b91c fw-main-row industry-img-sec-bg-gradient padding-tab-mobile  sh-section-visibility-everywhere\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container section-justify-height\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-17f52b52d168f2668d0f24af3e49c0e8 fw-col-xs-12 image-80-percent sh-animated fadeInUp\" data-wow-duration=\"2s\">\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-c0fb02ab6e9ecc435c8a279e9ca3b23f\" class=\"sh-text-block\">\r\n\t<div class=\"varutra-advantage-sec\"><h3 class=\"text-center text-white\">Our Approach<\/h3><\/div><\/div>\r\n\r\n<div id=\"text-block-61ae9204da24e1051339bc6c8f805e18\" class=\"sh-text-block\">\r\n\t<div class=\"row\"><div class=\"col-xs-12 col-12 col-sm-12 \"><div class=\"our-team-sec\"><p class=\"industry-imgsec-p\">Varutra\u2019s methodology involves assessing the security posture of the critical servers and networking devices to find out vulnerabilities (if any) to check the security of server systems from an attacker\u2019s point of view; specifically, as an internet malicious user, and determine if the hosts could be compromised to gain access impacting Confidentiality, Integrity and Availability of data.<\/p><ul class=\"li-p-b-20\"><li class=\"industry-imgsec-p\">Pentesters gathered information related to the organization in the Reconnaissance Phase which includes sensitive data like IP addresses, dumped data on darknet, email IDs, phone numbers which was used to perform various social engineering attacks.<\/li><li class=\"industry-imgsec-p\">Upon performing all passive scans and gaining sensitive information related to the organization Pentesters initiated with Active scanning phase on the target which involved the scanning of various ports and find vulnerabilities related to it.<\/li><li class=\"industry-imgsec-p\">The client network was consisting of various technologies such as firewall, IPS, web servers, database, networking devices, SMTP servers etc. The goal was to understand the current level of external risks which may compromise the sensitive data of the customer as well as the organization.<\/li><li class=\"industry-imgsec-p\">With the client permission, pentesters started with black box testing for web application in which they found many critical and high vulnerabilities, SQLi lead to Remote Code Execution, by which Pentesters were able to dump database and also get the source code of the application.<\/li><li class=\"industry-imgsec-p\">After getting the source code of the application, Pentesters started analyzing source code of the application which lead to discovering several high severities as well as medium severity vulnerabilities.<\/li><li class=\"industry-imgsec-p\">By logging in to the application Penteters also discovered business flaws which can lead to high business loss. Pentesters also tried to exploit each vulnerability and manually assessed full application and source code.<\/li><li class=\"industry-imgsec-p\">Post completion of the web application assessment, pentesters started the assessment of mobile application with static analysis and reversing the application to understand application behavior. Reversing application helped Pentesters in dynamic testing which lead to many vulnerabilities like SQLi, authentication bypass etc. Pentesters edited SMALI code to bypass root detection and virtualization detection.<\/li><li class=\"industry-imgsec-p\">Post successful completion of Network, Device Conf. Audit, Web and Mobile Application security assessment, Varutra was engaged to perform encryption audit for the organization as well.<\/li><\/ul><\/div><\/div><\/div><\/div>\r\n\r\n<div id=\"single-image-2d926a35aeddbd6b70bf5ca9a4d30398\" class=\"sh-single-image  \">\r\n\t<div class=\"sh-element-margin\">\r\n\r\n\t\t\r\n\t\t\t<div class=\"sh-single-image-container\">\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/\/www.varutra.com\/wp-content\/uploads\/2020\/08\/img.jpg\" rel=\"lightbox\">\r\n\t\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" class=\"sh-image-url\" src=\"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2020\/08\/img.jpg\" alt=\"img\" \/>\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\r\n\t\t\r\n\t<\/div>\r\n<\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n\r\n<section class=\"sh-section sh-section-61f86be47823302b5a7711aa8219cf1e fw-main-row sh-section-visibility-everywhere\" id=\"about-us-slide-up\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-497dd723cc69750ede91a61425e39d19 fw-col-xs-12 sh-animated fadeInUp\" data-wow-duration=\"1s\"data-wow-delay=\"0.2s\">\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-ec99eb8a3f4ce7211d0ff02ce5d8f457\" class=\"sh-text-block\">\r\n\t<div class=\"abt-section-content\"><h3 class=\"text-left\">Key Findings & Observations<\/h3><p class=\"abt-content dark-font text-left\">Varutra, with its skilled Pentesters, was able to break into the organization\u2019s infrastructure both using network as well as web application attack surface and gain access to the systems. While doing assessment Varutra found multiple critical vulnerabilities which are as below:<\/p><div class=\"col-desc-12\"><div class=\"tab-desc-content-row\"><div class=\"col-desc-12\"><div class=\"varutra-adv-points\"><ul class=\"varutra-advantage padding-0\"><li class=\"light-font\">Eternal Blue (SMB WannaCry)<\/li><li class=\"light-font\">Open mail relay on SMTP server<\/li><li class=\"light-font\">Multiple servers and devices with weak credentials susceptible to brute force attacks<\/li><li class=\"light-font\">SQL Injection<\/li><li class=\"light-font\">External XML Entity (XXE) and Server-Side Request Forgery (SSRF)<\/li><li class=\"light-font\">Improper Session Management and Authentication bypass<\/li><\/ul><\/div><\/div><div class=\"col-desc-12\"><div class=\"varutra-adv-points\"><ul class=\"varutra-advantage padding-0\"><li class=\"light-font\">Database having sensitive data in unencrypted form<\/li><li class=\"light-font\">Security misconfiguration on networking devices<\/li><li class=\"light-font\">Encryption key or subkey were not unique per device<\/li><li class=\"light-font\">No recovery\/master key for database<\/li><li class=\"light-font\">Misconfigured firewall<\/li><li class=\"light-font\">Multiple medium and low severity vulnerabilities<\/li><\/ul><\/div><\/div><\/div><\/div><p class=\"abt-content dark-font text-left margin-t-10\">The assessment was done with the automated testing using commercial and open source tools as well as extensive manual testing for verification and validation. This was the most important phase of a penetration test because it effectively demonstrates the impact of breach for the concern organization.<\/p><\/div><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n\r\n<section class=\"sh-section sh-section-2dee3c79d3b81b18c4949a097891e09f fw-main-row sh-section-visibility-everywhere\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-75bf03b238443fc4dec84d5fb94798b1 fw-col-xs-12\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-96fdb1f65f7c4fb8895eec5bd4baa549\" class=\"sh-text-block\">\r\n\t<div class=\"services-sec-intro text-center\"><h3 class=\"text-center\">Deliverables<\/h3><\/div><\/div>\r\n\r\n<div id=\"text-block-d78e71b205138cceef033e6363775417\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\">The reports and remediation provided by Varutra were customized to match the Client\u2019s operational environment and requirement. <br \/>The following reports were submitted to the client:<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-b4279788afa2c18896c8241839320503 fw-col-xs-12 fw-col-sm-4 audit-icon-1\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-9b9684e7aafaeb44f1dc71fb227e365b\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-2cf370dd947d57669c334e17244c226b\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Executive Report<\/strong><br \/>Overview of the entire engagement, the vulnerabilities statistics and the roadmap for the recommendations made to mitigate the threats identified.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n\r\n<div class=\"sh-column sh-column-380fdb0c2438f09118496a6cd42c300b fw-col-xs-12 fw-col-sm-4 audit-icon-2\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-2d4f069fb9651edf3fac7a9009fd4fb2\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-7923c202fc732ad36d38c63c2fb28d20\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Technical Report<\/strong><br \/>Comprehensive information, proof of concept examples and detailed exploitation instructions of all the threats\/vulnerabilities identified and remediation for the same.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n\r\n<div class=\"sh-column sh-column-e84dbe0617a61c84befd0db9a60d8163 fw-col-xs-12 fw-col-sm-4 audit-icon-3\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-9492c18ce8c9e3f4da9efed66c552156\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-ca11650d1253347b1441b7c51774c0c8\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Mitigation Tracker<\/strong><br \/>Simple and comprehensive vulnerability tracker aimed at helping the IT asset owner\/administrator to keep track of the vulnerabilities, remediation status, action items, etc.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n\r\n<section class=\"sh-section sh-section-9f82defd9f2f8bceb0ac2e55f66e9a5b fw-main-row sh-section-visibility-everywhere\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-75fa326fc70874995fa5f0a7f5b822c0 fw-col-xs-12\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-a847b6ae5d140cc184a466170dddab80\" class=\"sh-text-block\">\r\n\t<div class=\"services-sec-intro text-center\"><h3 class=\"text-center\">How Varutra Helped<\/h3><\/div><\/div>\r\n\r\n<div id=\"text-block-cf266e413258d8031f035bf6a7dddc68\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\">Our Penetration Test helped numerous clients to identify the potential threats \/ vulnerabilities that could have compromised entire infrastructure. All of our clients are assisted in assessing percentage of potential business and operational impacts of successful attacks \/ exploitation. Additionally, the client gained the following benefits:<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-88402b9377d799a0e2c5dc161c6257bf fw-col-xs-12 fw-col-sm-3 audit-icon-1\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-6e0652ca913bb6c0d4883a0264d79be8\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-14854de20bbb5dd691c90e8ec7c871bd\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Risk Benefits<\/strong><br \/>Varutra minimized security risks by assessing and analyzing the client\u2019s infrastructure vulnerabilities and recommended solutions and remediation with proven methods to enhance security of organization.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n\r\n<div class=\"sh-column sh-column-204edb93d088c7749297341f986d17e6 fw-col-xs-12 fw-col-sm-3 audit-icon-2\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-ebd073c678b93e3ae19de20900237ce8\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-0e5c3ad3edff087348a22f1a37cb70bc\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Cost Savings<\/strong><br \/>Varutra suggested cost-effective risk-mitigation measures based on the client\u2019s business requirements that would ensure security and continuity of the business.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n\r\n<div class=\"sh-column sh-column-f323f549314266c0f36a24d076edcfae fw-col-xs-12 fw-col-sm-3 audit-icon-3\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-7c837e9644be2eda6c0e88e844ab5cac\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-6254a596c33f02baa23be9387b098ba3\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Customer Satisfaction<\/strong><br \/>Penetration testing was conducted with minimum interruption and outage across client systems\/workstations to identify security vulnerabilities, their impacts and potential risks.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n\r\n<div class=\"sh-column sh-column-9c3947c74ce001e77cb8ef79514eafb3 fw-col-xs-12 fw-col-sm-3 audit-icon-3\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"icon-e7d6697a874586168946ad1501f11c0d\" class=\"sh-icon  sh-icon-center\" >\r\n\r\n\t\r\n\t\t<div class=\"sh-element-margin\">\r\n\t\t\t<div class=\"sh-icon-container\">\r\n\t\t\t\t<i class=\"sh-icon-data ti-cup\"><\/i>\r\n\t\t\t<\/div>\r\n\t\t<\/div>\r\n\r\n\t<\/div>\r\n\r\n<div id=\"text-block-6ec4e0be19b9a188cf478908126cf1bc\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-center\"><strong>Compliance<\/strong><br \/>As an added bonus, the client was able to utilize the information gained from this Penetration Test to easily gain industry certifications and provide a higher level of service to its customers.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n\r\n<section class=\"sh-section sh-section-ef0193f16c60ef09dfe6a52dec45112e fw-main-row sh-section-visibility-everywhere\">\r\n\t\r\n\t\r\n\t<div class=\"sh-section-container container\">\r\n\t\t<div class=\"fw-row\">\n\t\r\n<div class=\"sh-column sh-column-08239fc3ac0e210682ed492ad1ae505d fw-col-xs-12\" >\r\n\r\n\t\r\n\t<div class=\"sh-column-wrapper\">\r\n\t\t\r\n<div id=\"text-block-90f9917f932ea87ffd82477b7dcf7e82\" class=\"sh-text-block\">\r\n\t<div class=\"services-sec-intro text-center\"><h3 class=\"text-left\">Conclusion<\/h3><\/div><\/div>\r\n\r\n<div id=\"text-block-70b5e7c599fd79b3f806a6ad2f54552c\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-left\">Penetration testing is often done for varying reasons. Two of the key goals our team and the client team aimed for, were to increase upper management awareness of security issues and to test intrusion detection and response capabilities. After conducting the Pentest and compromising the organization, we engaged the client in a controlled offensive \/ defensive threat detection challenge, allowing the client several days to identify and remediate active threats within their systems. After this challenge was complete organization was appointed to conduct training for the key internal security team like secure code development as well as further advisory on remediation tactics. In the end our client was able to meet the highest level of compliance and regulation standards, develop better security practices and reassure their customers, employees, and board of their continued dedication to best business practices and continued growth.<\/p><p class=\"abt-content dark-font text-left\">After mitigating all security risks by following all remediations suggested by Varutra, the client infrastructure was secure from all possible risks uncovered by Varutra and effectiveness of these vulnerabilities can be verified by conducting Reassessment activity on same target scope to compare strength of the security posture. Upon Reassessing the target scope for all security vulnerabilities following are the vulnerability count for Assessment and Reassessment activities.<\/p><\/div>\r\n\r\n<div id=\"single-image-37ee20141d143ff2689630887ce5077a\" class=\"sh-single-image  \">\r\n\t<div class=\"sh-element-margin\">\r\n\r\n\t\t\r\n\t\t\t<div class=\"sh-single-image-container\">\r\n\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/\/www.varutra.com\/wp-content\/uploads\/2020\/08\/Screenshot_9.png\" rel=\"lightbox\">\r\n\t\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" class=\"sh-image-url\" src=\"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2020\/08\/Screenshot_9.png\" alt=\"Screenshot_9\" \/>\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\r\n\t\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t<\/div>\r\n\r\n\t\t\r\n\t<\/div>\r\n<\/div>\r\n\r\n<div id=\"text-block-16d86e6494b86117310a52cc37e55aa6\" class=\"sh-text-block\">\r\n\t<p class=\"abt-content dark-font text-left\">Upon applying all the patches and following all the remediation as per the documented report, the client was able the migrate the security posture of their infrastructure from an overall High severity to Low severity upon further patching and following secure configuration the Network infrastructure was secured from all Security Risks which would have otherwise affected Confidentiality, Integrity and Availability of the data. Now client\u2019s Infrastructure met all compliance standards and regulations which will influence their business positively.<\/p><\/div>\r\n\t<\/div>\r\n\r\n\r\n\t\t\r\n\r\n<\/div>\r\n<\/div>\n\n\t<\/div>\r\n<\/section>\r\n<\/p>","protected":false},"excerpt":{"rendered":"<p>Security Assessment Case Study About Our ClientThe client is a major non-banking finance company (NBFC). The Company is engaged in lending and allied activities. It&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO Pro 4.6.3 - aioseo.com -->\n\t\t<meta name=\"description\" content=\"Read more about Varutra consulting has performed activities for Security Assessment Case Study.\" \/>\n\t\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t\t<link rel=\"canonical\" href=\"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/\" \/>\n\t\t<meta name=\"generator\" content=\"All in One SEO Pro (AIOSEO) 4.6.3\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Varutra Consulting\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Security Assessment Case Study - Varutra Consulting\" \/>\n\t\t<meta property=\"og:description\" content=\"Read more about Varutra consulting has performed activities for Security Assessment Case Study.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png\" \/>\n\t\t<meta property=\"og:image:width\" content=\"311\" \/>\n\t\t<meta property=\"og:image:height\" content=\"295\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2020-08-13T13:33:09+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2022-09-14T07:47:08+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Security Assessment Case Study - Varutra Consulting\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Read more about Varutra consulting has performed activities for Security Assessment Case Study.\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png\" \/>\n\t\t<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t\t<meta name=\"twitter:data1\" content=\"kalpadmin\" \/>\n\t\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/\",\"nextItem\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#listItem\"},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#listItem\",\"position\":2,\"name\":\"Security Assessment Case study\",\"previousItem\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#listItem\"}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#organization\",\"name\":\"Varutra\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/Varutra-Found-e1612984024606.jpg\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#organizationLogo\"},\"image\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#organizationLogo\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#webpage\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/\",\"name\":\"Security Assessment Case Study - Varutra Consulting\",\"description\":\"Read more about Varutra consulting has performed activities for Security Assessment Case Study.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/security-assessment-case-study\\\/#breadcrumblist\"},\"datePublished\":\"2020-08-13T13:33:09+05:30\",\"dateModified\":\"2022-09-14T13:17:08+05:30\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#website\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/\",\"name\":\"Varutra Consulting\",\"description\":\"Secure your digital world with our Cybersecurity services.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO Pro -->\r\n\t\t<title>Security Assessment Case Study - Varutra Consulting<\/title>\n\n","aioseo_head_json":{"title":"Security Assessment Case Study - Varutra Consulting","description":"Read more about Varutra consulting has performed activities for Security Assessment Case Study.","canonical_url":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"og:locale":"en_US","og:site_name":"Varutra Consulting","og:type":"article","og:title":"Security Assessment Case Study - Varutra Consulting","og:description":"Read more about Varutra consulting has performed activities for Security Assessment Case Study.","og:url":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/","og:image":"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png","og:image:secure_url":"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png","og:image:width":"311","og:image:height":"295","article:published_time":"2020-08-13T13:33:09+00:00","article:modified_time":"2022-09-14T07:47:08+00:00","twitter:card":"summary_large_image","twitter:title":"Security Assessment Case Study - Varutra Consulting","twitter:description":"Read more about Varutra consulting has performed activities for Security Assessment Case Study.","twitter:image":"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png","twitter:label1":"Written by","twitter:data1":"kalpadmin","twitter:label2":"Est. reading time","twitter:data2":"7 minutes","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BreadcrumbList","@id":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.varutra.com\/varutravrt3\/#listItem","position":1,"name":"Home","item":"https:\/\/www.varutra.com\/varutravrt3\/","nextItem":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#listItem"},{"@type":"ListItem","@id":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#listItem","position":2,"name":"Security Assessment Case study","previousItem":"https:\/\/www.varutra.com\/varutravrt3\/#listItem"}]},{"@type":"Organization","@id":"https:\/\/www.varutra.com\/varutravrt3\/#organization","name":"Varutra","url":"https:\/\/www.varutra.com\/varutravrt3\/","logo":{"@type":"ImageObject","url":"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/11\/Varutra-Found-e1612984024606.jpg","@id":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#organizationLogo"},"image":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#organizationLogo"}},{"@type":"WebPage","@id":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#webpage","url":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/","name":"Security Assessment Case Study - Varutra Consulting","description":"Read more about Varutra consulting has performed activities for Security Assessment Case Study.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/#website"},"breadcrumb":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/#breadcrumblist"},"datePublished":"2020-08-13T13:33:09+05:30","dateModified":"2022-09-14T13:17:08+05:30"},{"@type":"WebSite","@id":"https:\/\/www.varutra.com\/varutravrt3\/#website","url":"https:\/\/www.varutra.com\/varutravrt3\/","name":"Varutra Consulting","description":"Secure your digital world with our Cybersecurity services.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/#organization"}}]}},"aioseo_meta_data":{"post_id":"3275","title":"Security Assessment Case Study - Varutra Consulting","description":"Read more about Varutra consulting has performed activities for Security Assessment Case Study.","keywords":[],"keyphrases":"{\"focus\":{\"keyphrase\":\"Security Assessment Case Study - Varutra Consulting\"},\"additional\":[]}","primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"content","og_image_url":"https:\/\/www.varutra.com\/wp-content\/uploads\/2020\/04\/layer-4.png","og_image_width":"311","og_image_height":"295","og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":[],"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":"Security Assessment Case Study - Varutra Consulting","twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[],"defaultGraph":"WebPage","defaultPostTypeGraph":""},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]},\"webPage\":{\"webPageType\":\"WebPage\"}}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"limit_modified_date":false,"open_ai":null,"created":"2021-10-27 15:14:07","updated":"2022-09-29 13:49:32"},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/www.varutra.com\/varutravrt3\" title=\"Home\">Home<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\tSecurity Assessment Case study\n<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.varutra.com\/varutravrt3"},{"label":"Security Assessment Case study","link":"https:\/\/www.varutra.com\/varutravrt3\/security-assessment-case-study\/"}],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/pages\/3275"}],"collection":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/comments?post=3275"}],"version-history":[{"count":6,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/pages\/3275\/revisions"}],"predecessor-version":[{"id":19723,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/pages\/3275\/revisions\/19723"}],"wp:attachment":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/media?parent=3275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}