Penetration testing services for Wired Quote

  • Proof of Vulnerability provided
  • Vulnerabilities list
  • Remediation recommendations

Project overview

Wired Quote contacted DICEUS requesting penetration testing services to check how its web application copes with various cyber vulnerabilities and threats, and to discover and prevent potential issues that could cause loss of reputation, customer trust, and revenue. The primary goal of this project was to give Wired Quote an understanding of the current level of security in the web application and its infrastructure components.

Client information

Wired Quote has served the health insurance community since 2009, offering online group quoting, presentation, and enrollment in Washington and Oregon states. The company provides an online, user-friendly quoting tool for insurance agents that saves time, reduces costs, and helps eliminate quote errors.

Business challenge

As a fast-growing tech company that provides software for financial services, Wired Quote should always take care of its reputation and security, so the company decided to check how well prepared it was for cybersecurity issues. Pen testing is the best way to show how easy it would be for scammers or cyber attackers to breach the company’s defenses. Our customer contacted us to help uncover all existing and potential vulnerabilities and to develop a list of recommendations and techniques to prevent the risks.

Technical challenges

The team had to thoroughly explore the customer’s network, server devices, web apps, and all the tech stack used to build the tool.

Solution delivered

To reach the primary goal of the project, our team identified application-based threats and vulnerabilities in the application, compared Wired Quote's current security measures with industry best practices, and provided recommendations that Wired Quote can implement to mitigate threats and vulnerabilities and meet industry best practices.

DICEUS provided web app penetration testing services that included the following tests: application security testing; bypassing security controls such as intrusion prevention systems (IPS and WAF); testing for the latest OWASP Top 10 and SANS 25 security risks (SQL injection, XSS, SSRF, XXE, etc.); testing REST API security implementations and misconfigurations according to the OWASP API Top 10; unauthenticated and authenticated testing; access control matrix verification; testing for vertical and horizontal privilege escalation; bypassing multi-tenancy security controls; and more.

We provided the client with a penetration testing report and remediation report including a summary of business risks, high-level recommendations, and findings details.


Key features

  • Discovery phase

    The team defined a scope for penetration testing and developed a mutual agreement to govern the parameters and limitations of testing. Also, DICEUS discovered and identified the network, security, and server devices, web applications, APIs, and network services to proceed with testing.

  • Grey Box testing

    Vulnerability scanning and manual vulnerability assessment of identified devices and services were done. Manual and automated attempts to exploit identified vulnerabilities and web apps were also made.

  • Recommendations

    After the testing, we developed a list of remediation techniques for the identified vulnerabilities and recommendations for technology solutions to secure the vulnerabilities discovered. The customer received a comprehensive report with the outcomes of the penetration testing project.

Value to our client

  • Proof of Vulnerability provided

    The customer received the Proof of Vulnerability (PoV) in the form of screenshots and videos taken during testing, along with a detailed description of how to reproduce the security defects for the customer’s QA team and developers.

  • Vulnerabilities list

    We provided a list of vulnerabilities ranked by risk level. The customer can consult the list anytime and check what issues are of top priority and should be worked on as soon as possible.

  • Remediation recommendations

    One of the most valuable outcomes of the project is a list of remediation recommendations on how to correct the situation.

Our tech stack

  • Burp Suite Pro
  • OpenVAS
  • Nikto
  • Arachni
  • Nmap
  • Crackmapexec
  • Hashcat
  • JTR
  • Ffuf
  • XSSHunter
  • SQLmap
  • Dirsearch
