The company developed a corporate network to store user and corporate data. The network was also developed as a communication channel for the employees. The company turned to A1QA to ensure the security of the product. The major goals were to secure corporate data and protect internal infrastructure from unauthorized access.
In the course of the project the testing was divided into two parts. The passive scanning was performed during business hours, while the active testing phase was organized outside the working hours.
DoS attacks were run during limited, pre-agreed hours. Remote access to the network was provided via a VPN connection.
The QA team was scaled up in order to accelerate the testing procedures. Scripts were developed to automate manual checks and increase test efficiency.
At the end of the testing period the specialists created detailed defect reports and prepared security recommendations.
The project was completed successfully and the client was willing to extend the cooperation.
- Security Testing
TECHNOLOGIES & TOOLS
- Red Hat Linux
- Windows Server 2012
- SQL Server
- Nmap Project
- Nessus Vulnerability Scanner
- Kali Linux
- Kaspersky Lab
- RSA Security Analytics
- PortSwigger Web Security
- Rapid7 Nexpose
CHALLENGES AND SOLUTIONS
Incorrectly set-up system:
- The team analyzed configuration of network devices
- Specialists checked compliance with manufacturer recommendations
- A1QA met industry and international standards.
The production environment was unavailable during business hours:
- Configuration files were analyzed
- Active network scanning outside working hours was performed.
Non-defined system vulnerabilities:
- The team ran penetration testing.
11 person-months in project efforts
2000 pages of written documentation
4500 configuration tests performed
4 QA engineers on the project