Identified Critical Vulnerabilities in Web Applications for Telecommunications Organization
- Telecommunications Sector
- +$100 billion revenue
- +150,000 employees
- A large telecommunications organization wanted to continually understand the risk surface exposed by the extensive array of products, services, and technologies that are regularly integrated into the organization.
- Performed continuous web application penetration tests for several years against existing and newly developed applications.
- Collaborated closely with the client’s incident response team to tackle critical security vulnerabilities that posed an immediate risk to the network.
- Executed an attack chain to illustrate how an attacker could exploit misconfigured microservices to extract customer data.
- Discovered critical vulnerabilities such as multi-factor authentication bypass, business logic flaws, and injection-based vulnerabilities (e.g., Log4Shell) on publicly available services.
- Improved the internal security team’s understanding of specialized security assessments such as mobile and hardware-based assessments.