A portal is a digital platform that enables employees, partners, or clients to access company-related information, tools, or resources. Portals serve a variety of functions:
· For employees: Updating personal information, requesting leave, or downloading forms.
· For clients: Managing accounts, making payments, or logging support tickets.
The bigger question: have you ever tested whether the portal is securely set up?
A Real-World Case: Uncovering a Critical Vulnerability
Recently, a concerned business owner approached the South East Cyber Resilience Centre to perform a Web App Vulnerability Assessment. During this assessment, we uncovered a critical vulnerability sitting quietly on the client’s web server that could have allowed hackers to access the company’s internal systems without even needing a password.
A web server is the technology that hosts the website and makes it available to users. In this case, the vulnerable configuration that we identified made the entire internal private network and all of its resources available to anybody who knew how to query it in the right way.
What Were the Risks?
The implications of this vulnerability were severe:
· Hackers could exploit the issue with minimal effort.
· Internal systems and sensitive data were at risk.
· Potential disruptions to normal business operations.
This was a high-risk scenario, where even a small coding error had the potential to lead to data breaches and cascading security problems.
The Response: Fixing the Problem
Once we identified the vulnerability, our CyberPATH Assessment Team:
· Assessed the severity and immediately reported the issue to the company’s point of contact.
· Worked with the company and their third-party software supplier to implement urgent fixes.
· Conducted follow-up testing to ensure the vulnerabilities were fully resolved.
Our collaborative efforts successfully eliminated the risks and significantly improved the organisation’s security posture.
Why Testing Matters
Custom software is a valuable asset, but it also introduces unique security challenges. A single coding or configuration oversight can provide malicious actors with an easy way to exploit internal systems. Testing your systems before hackers do is critical to safeguarding your operations, data, and reputation.
The Thrill of the Hunt
Finding this vulnerability was no accident; it was the result of meticulous investigation and persistence. Late one evening, at around 10 PM, the team finally confirmed proof of the issue.
One of the assessment team, Savva Pistolas, spoke shortly after:
“The rush of satisfaction when you solve a hunch is immense, but it quickly shifts to action: disclosing the issue responsibly, and collaborating with stakeholders to fix it. It’s this mix of problem-solving, client impact, and skill-building that makes cyber security work so engaging and rewarding.
This case highlights the importance of proactive security testing. By identifying vulnerabilities before malicious actors do, organisations can avoid significant disruptions and maintain trust. We probably prevented a big headache for the owners and now they just enjoy an uneventful day.”
Chris White, Head of Cyber, added:
“This crime reduction initiative is all about delivering value to the client by ensuring their systems are secure. Our students look at systems manually, rather than using automatic cyber security tools; their young, talented minds can see issues in systems that can often be missed with other methods. To stay secure, please don’t wait for an incident; test your systems in advance.”
For more information, or if you would like to arrange a test, get in touch with us at enquiries@secrc.police.uk