The client is a banking institution with over 150,000 clients, 540 employees, and 50 offices across Spain, handling a business volume of 6 billion euros.
An external company had developed an application for managing online banking, and a thorough analysis was requested to identify vulnerabilities that could compromise the systems.
The application required a deep evaluation to identify weaknesses, including pentesting, denial of service, cross-site scripting, data validation, and communication security.
A black-box audit was conducted on two access points provided by the client. The tests included:
A report was delivered evaluating the vulnerabilities found using the CVSS scoring system, classifying the severity of each and providing specific recommendations such as patches or configuration adjustments.
After implementing the proposed solutions, additional tests verified that all issues were resolved, ensuring the system was secured.