Trusted Hands Financial Services Private limited is a Kerala based Activities auxiliary to financial intermediation company. A consumer-focused financial services & tech platform that solves problem of discovery, shortlisting, application, management and servicing of bank loans, borrowing options. Trusted Hands Financial Services (THFS) will change the way customers take and manage loans. THFS will enable customers to acquire their financial freedom, with right choice at the right time.
Cyber Security Challenges
Requirement : Internal / External Pentesting, Vulnerability Assesmement, Solution
The Customer needed to test the security controls deployed within their IT infrastructure.
- Vulnerability assessment and penetration testing of the network’s external perimeter.
- Vulnerability assessment and penetration testing of the network’s internal environment (servers, firewalls, etc.).
- Security risk assessment of the client digital channels (internet banking, mobile banking, mPOS merchant service, QR code payments, clients’ payments, and communication in social networks).
- Simulation of social engineering attacks at the employees’ emails to check their susceptibility to phishing.
Solutions
Offenselogic team conducted black box penetration testing of the external perimeter of the Customer’s network. The ethical hackers didn’t manage to penetrate the network with no credentials, so they proceeded with the grey box testing method using user login details but having no access to the entire network. Grey box penetration testing revealed a vulnerability of the Customer’s remote server to external manipulations.
Our security engineers scanned the Customer’s internal network for vulnerabilities and exploited the discovered vulnerabilities using the grey box penetration testing method. They discovered a server using the obsolete HTTPS protocol, which was critical for the banking environment storing clients’ data.
The Customer received detailed reports of the conducted network vulnerability assessment, penetration testing, and the security risk assessment of the client digital channels with recommendations to mitigate the discovered vulnerabilities. After fixing all the issues according to the provided remediation plan, the Customer ran retesting, which showed the increased security level of the network’s external perimeter and internal environment.
November 5, 2021 
Any Location 
Full-time 
