Case Study
Vulnerability Scanning and Penetration Testing for Retail Payments Authority
Service:
Sector:
The client
The UK’s retail payments authority overseeing critical payments infrastructure and platforms on behalf of the Bank of England.
The work
As part of the internal audit for the golive readiness of a new transactional data analysis platform we were required to perform internal and external vulnerability scanning and penetration testing of the new system.
How we helped
The highly sensitive nature of the transactions being stored on the platform and the importance of the analysis provided to the financial markets was such that the client required absolute certainty that the implementation was architected and implemented as securely as possible.
Our skilled penetration tester deployed a range of techniques and tools to simulate likely hacking attack vectors and test the effectiveness of system security at the transport, infrastructure, database, application and presentation layers and then provide practical mitigation steps for issues identified.
Value added
Our penetration tester’s practical knowledge of hacking approaches and techniques enabled a level of scrutiny beyond that from purely deploying automated tools. We were able to advise the client on a risk based approach to mitigating the vulnerabilities highlighted to the extent that they were comfortable to put the system live.