Energy & Utilities
Resolving Business-Critical Vulnerabilities for an Energy Supply Company
Success Story
Scalefocus was selected as the preferred technology partner to perform a security test over the client's main platform to ensure a fully unified and streamlined process for threat and vulnerability management, penetration testing and source code security reviews.
Pointed out all high and critical vulnerabilities
Reduced Cyber Security risk by 25%
Improved embedded secure coding reviews
The Client
Our client is a European energy supply company with a focus on energy trading, energy generation and consulting for public utilities. The company was founded as a joint venture between municipal utilities, municipal and regional supply companies to organize joint procurement on the European energy markets and develop synergies.
The Solution
We identified high-risk infrastructure components by assessing their vulnerabilities and establishing control over the level of risk to the operational environment. We were responsible for scanning and performing in-depth penetration testing on multiple applications related to compliance and relevant industry standards. The tests were conducted in line with Open Web Application Security Project (OWASP) and ISO27001.
We also performed a comprehensive Source Code Security Review to highlight potential security vulnerabilities within the client’s IT landscape.
We identified miscellaneous code quality issues, for example:
Insecure input validation;
Inadequate data protection;
Insufficient error handling;
Weak cryptographic algorithms.
Results
The enforcement of authentication and access control increased the security level globally across the organization. This allowed secure 24/7 remote access for the staff regardless of their location in the world.
Removed over 24 potential security vulnerabilities, 5 of them business-critical;
Performed over 80 platform security tests, 56 of them with unsuccessful attempts;
Developed and executed 2 full attack vectors, based on the business logic;
Established a repeatable process for platform threat and vulnerability management.
Our Work
We have a global client base that includes Fortune 500 companies, innovative startups and industry leaders in Information Technology, E-Commerce, Insurance, Healthcare, Finance and Energy & Utilities.
