Case studies

Discretion is important where security's concerned, so most of our clients don't want us to reveal when we've helped them. However, here are some of their stories with the names removed, so you can see what we do.

Business type: Large online retailer
Vulnerable component: Website currency converter
The problem: When an invalid currency code was entered, the website's currency converter switched to an exchange rate of zero. Because this rate was used to calculate the price of orders, it meant people could purchase items for free.

These transactions were not identified as fraudulent because the company receives a large volume of orders and issues many voucher codes.
What we did: As soon as we spotted the problem, we contacted the company's management, who authorised us to run a test purchase. This was to see if the problem could be exploited, or if orders would be blocked by the company's fraud prevention system.

When this test order was completed successfully, proving the vulnerability could be exploited, the company fixed the problem within a day.
Business type: Online retailer
Vulnerable component: Old files left on system
The problem: The company left old system files on their server when they installed a new content management system.

These files provided a way to upload other files and then execute them. A hacker could have totally compromised the server by doing this.
What we did: The moment we found the problem, we told the website's administrators. The files were deleted in minutes.
Business type: IT services provider
Vulnerable component: Beta version of control panel
The problem: This company asked us to test a new control panel prior to its launch. The control panel was built to a very modern design, using AJAX-driven API calls.

When testing the function that allowed customers to see their invoices, we found that it was easy to gain elevated privileges and then preview all invoices in the system.
What we did: We contacted the client as soon as we spotted the vulnerability. The client decided to fix every bug we found before launching the control panel.
Business type: IT services provider
Vulnerable component: Company blog based on WordPress
The problem: This company's blog was a crucial part of its marketing strategy. Paid links on Google were used to build traffic to the blog.

Although the blog was kept up-to-date, it was hacked through one of its components. The hackers then redirected the paid advertising links elsewhere.
What we did: When we discovered the intrusion and how severe it was, we decided to move the blog's content straight to another server.

We cleared all malicious code from the database and blog files. And once everything was reinstalled, we added several custom security features.
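The currency converter case above comes down to a rate lookup that fails open. As an added illustration (not the retailer's code and not part of the original page), this Python sketch contrasts an assumed fail-open lookup with a fail-closed one plus a checkout guard. The rate table, the function names and the `dict.get` default as the cause are all assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample rates relative to a base currency (not real data).
RATES = {"GBP": Decimal("1"), "EUR": Decimal("1.17"), "USD": Decimal("1.27")}


class UnknownCurrency(ValueError):
    """Raised when a currency code is not in the rate table."""


def rate_fail_open(code):
    # Weak pattern (assumed cause): an unknown code silently yields a rate of 0.
    return RATES.get(code, Decimal("0"))


def rate_fail_closed(code):
    # Normalise the input, then allow only codes present in the rate table.
    if not isinstance(code, str):
        raise UnknownCurrency(repr(code))
    key = code.strip().upper()
    rate = RATES.get(key)
    if rate is None or rate <= 0:
        raise UnknownCurrency(key)
    return rate


def order_total(base_prices, code, lookup):
    """Convert base-currency prices and return the total, rounded to 2 dp."""
    rate = lookup(code)
    total = sum((p * rate for p in base_prices), Decimal("0"))
    total = total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
    # Defence in depth: a basket with priced items must never total zero or less,
    # so a bad rate is caught here even if the lookup itself fails open.
    if any(p > 0 for p in base_prices) and total <= 0:
        raise ValueError("converted total is not positive; refusing order")
    return total


def checkout(base_prices, code, lookup):
    """Return ('accepted', total) or ('rejected', reason) for an order."""
    try:
        return ("accepted", order_total(base_prices, code, lookup))
    except ValueError as exc:
        return ("rejected", str(exc))
```

The guard in `order_total` does not depend on fraud scoring, so it still rejects a zero-priced order when such orders would otherwise blend in with legitimate voucher use.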

Can you secure my website?

We work with companies of all sizes. For more information about our testing services or to get a quote for testing your site, please contact us now. You can also read about our penetration testing in more detail.

Our partners

  • OWASP
    Open Web Application Security Project
