Penetration Testing 101
Penetration testing is an essential practice that makes up a piece of Utility Cloud’s overall security posture. It is a commonly used technique that simulates an attack on a web application to gain access to sensitive company infrastructure and data. The goal of penetration testing is to detect and analyze any possible security gaps to determine if a system is vulnerable.
Our web application has gone through two separate rounds of penetration tests this year. In fact, our latest round of testing was completed earlier this week. All testing was performed by an outside consultancy that specializes in cybersecurity. We met with several companies and decided to partner with Echelon Risk + Cyber. They came very highly recommended to us by both our SOC 2 CPA firm and our SOC 2 compliance monitoring vendor. They are a good fit for us, with a talented team of cybersecurity professionals, and their approach to testing aligned well with our needs.
Testing was performed on two different occasions with several months of time in between. Both automated and manual testing techniques were used to look for vulnerabilities within our application. The automated testing process used an industry-leading scanner that hackers typically use as a first pass to check for common security holes.
Automated testing was followed by manual request interception and modification testing. The Echelon team spent over a week in total attacking our application, attempting different injections, and manipulating the platform’s business logic looking for vulnerabilities. We worked closely with the Echelon team to resolve several findings and further lock down our application.
Working with Echelon was an absolute pleasure. Their testing was thorough and at times very enlightening. The Echelon team of professionals was always available to us and responded to any of our inquiries quickly.
The penetration testing resulted in increased security measures through improved access control, database interaction, and input sanitization. The Utility Cloud application is now stronger and more resilient to attacks.