Network penetration test

The brief

As part of the business services the client offered, they needed to store sensitive data, including credit card information. Having previously chosen suppliers from an industry body's recommended list, they decided to try a local provider with vast experience in financial services: Mothax.

The solution

The scope of the test was largely driven by compliance with the PCI-DSS standard, as well as specific requirements from the client's financial services business partners. Although the scope and objectives remained largely unchanged from previous tests, Mothax did find efficiency savings that brought the length of the engagement down by several days. Combined with a day rate that was 40% lower than the previous supplier's, this reduced the overall cost of the test by a wide margin.

The result

Despite the previous test being performed by a certified “team leader”, the overall results could not have been more different. Whereas the previous report noted a single medium-risk finding, Mothax was able to demonstrate how administrative access to the network could be achieved from the Internet. Worse still, we uncovered a large cache of credit card data that previous tests had missed completely. Combined with a report that was simpler and gave more detail on how to mitigate key risks, the client certainly felt the benefit of switching suppliers.