A large insurer asked us to perform a wide range of pentests – a big exercise involving 600 hours of work. We discovered that their public-facing sites had a blind time-based SQL injection vulnerability. This allowed us, from an unauthenticated perspective, to download the customer database, complete with sensitive information such as home addresses, manifests and financial figures.
It was a critical find, not least because the client had done pentesting the year before, and the issue went undiscovered. In a sector as heavily regulated as insurance, the potential fallout regarding compliance and reputation isn’t hard to imagine, especially considering the problem affected ten different portals and an entire stable of brands.
Let Mobius Binary determine whether your application, system, or network is clearly secure or not.
Market: Retail
Service: Threat Simulation