Case Studies - StrongBox IT

Case Studies

Financial institutions

The Largest Stock Market in India

Multiple web and mobile applications including the broker application suite that enables trading across the country

The applications were tested and certified for over five years in a row

Our Approach: Offensive Security Validations - Showcase maximum damage
Anticipated Outcome
  • Identify vulnerable areas and exploit
  • Extract sensitive information
  • Shut down the central trading systems
Result
  • Extracted shareholders' information (positions, contact information, banking details, etc.) using a SQL injection vulnerability
  • Shut down trading by disabling all broker logins using a privilege escalation vulnerability
Possible business Impact
  • Crash of the national economy
  • Loss of shareholders' confidence in data security
  • Loss of brand image globally
Outcomes
  • Heightened trustworthiness through elimination of loopholes for unauthorized access, script injection and session handling flaws.
  • Danger of spoofing and interception attacks averted.

Healthcare and Life Sciences

Patient Management System in Australia and New Zealand

Legacy, web and mobile applications to hold patient information, manage clinics and report to regulatory authorities

Our Approach: Offensive Security Validations - Showcase maximum damage
Anticipated Outcome
  • Identify vulnerable areas and exploit
  • Extract sensitive information
  • Take over the entire system
Result
  • Extracted patient information (geographical and contact information, diseases and prescriptions, past and future appointments) using a SQL injection vulnerability
  • Took over the entire server using a file upload functionality
Possible business Impact
  • Breach of privileged patient information
  • Exposure of the geographical health index of the country
  • Complete takeover of clinical systems. Loss of data integrity
Outcomes
  • Heightened trustworthiness through elimination of loopholes for unauthorized access, script injection and session handling flaws.
  • Protection from possible corruption of national regulatory information and data used for analytics

Mass engagement

Citizen Engagement systems in Canada, Ireland, UK and Australia

Web-based platform used by government municipal councils to engage with their residents on a regular basis

Our Approach: Offensive Security Validations - Showcase maximum damage
Anticipated Outcome
  • Identify vulnerable areas and exploit
  • Extract sensitive information
  • Shut down the system
Result
  • Created a Denial of Access using a vulnerability that was not patched in the technology stack of the application. The system was down until further intervention
Possible business Impact
  • Loss of citizens’ confidence in government systems
  • Potential loss of citizen engagement
Outcomes
  • Systems hardened against exploitation of zero-day and unpatched vulnerabilities
  • Increased monitoring on systems handling sensitive information