CLIENT SUCCESS

geo

Web Application, Internal and External Penetration Test

geo (Green Energy Options) is an established smart energy specialist and a leading supplier of in-home energy displays (IHDs). geo’s mission is to bring net zero forward by revolutionising the way households consume energy, keeping consumers’ hard-earned money in their pockets and cutting carbon at the same time. At the forefront of the energy revolution, geo has a responsibility to operate in a 100% secure environment.
Solution
Web Application, Internal and External Penetration Test

The Requirement.

geo understood that to assess its resilience against cyber threats accurately and effectively, a proactive cyber security assessment needed to be conducted. Recognising the importance of specialist support to protect the enterprise from cyber attacks, the company decided to turn to our CREST-certified penetration testers for the insights they needed.

The solution.

After scoping geo’s requirements, our team undertook both a web application penetration test as well as an external and internal infrastructure penetration test.
In both environments, our experts operated through the eyes of a malicious actor, carrying out cyber attack simulations using real-world TTPs (tactics, techniques and procedures). This approach enabled us to follow the realistic route of a potential hacker and identify any vulnerabilities they could exploit.

Following our proactive testing methodology, our ethical hackers strategically conducted various stages of the penetration testing lifecycle. This included:

Although both penetration tests followed a similar assessment methodology, the projects themselves were varied in terms of the endpoints and assets examined within their environment.

Web Application Penetration Test

Our web application penetration tests aim to identify potential cyber security vulnerabilities resulting from insecure development practices in the design, coding and publishing of software or websites.

The areas of assessment we covered for geo included:

Looking for broken access controls: Exploiting potential vulnerabilities in geo’s security systems that grant access to accounts and data.

Identifying potential cryptographic failures: Uncovering passwords that were not sufficiently encrypted and could be broken to reveal sensitive information.

Testing for security misconfigurations: Assessing security controls that are left insecure or incorrectly configured, potentially exposing systems to breaches.

Investigating vulnerable and outdated components: Highlighting risks in unpatched or unsupported software that could be exploited in cyber attacks.

Searching for software and data integrity failures: Assessing risks where applications rely on plugins, libraries or modules from untrusted sources, which may compromise infrastructure integrity.


Internal and External Infrastructure Penetration Test

The additional penetration test explored a separate set of controls and configurations.

Our internal and external infrastructure penetration tests aim to assess the effectiveness of existing security policies and to identify potential misconfigurations in essential networks and systems. This included:

Exploring insecure configuration parameters: Insecure system configuration risks stem from flaws in the security settings, configuration and hardening of different systems across the infrastructure, often resulting in ‘low-hanging fruit’ for attackers looking to expand their foothold within an environment.

Examining potentially insufficient firewalls: Traffic on the external network/internet is inspected by firewall software as it comes in and out; however, our team looked to exploit any vulnerable rules, policies and controls in the software.

Identifying unpatched systems and software flaws: Unpatched software means there are potential vulnerabilities in a program or code that organisations are unaware of, something our ethical hackers wanted to utilise to their advantage.

Uncovering possible weak encryption conventions: A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient key length opens up the possibility that the encryption scheme could be broken. Our team aimed to exploit any encryption weaknesses.

The Benefits.

Following all testing, we provided geo with an in-depth, evidentially supported analysis, with recommendations on how to actively avoid a cyber security breach in the future.

This assessment enabled geo to continue to comprehensively defend its valuable information from cyber attacks and to operate with an elevated understanding of what modern cyber security looks like in today’s threat landscape.

If you want to know more about how our CREST-certified penetration testing services can improve your cyber resilience, you can find out more and get in touch today.

‘The assessment reinforced how quickly the threat landscape is changing, and has helped us understand and mitigate potential risks. If I had one piece of advice for someone who has never undertaken a pen test, it would be: do it before it’s too late. The rate at which technology is changing is extraordinary, and if you want to stay ahead of the evolving threat landscape, a regular pen test will certainly put you in good standing.

We were very happy with the professionalism and level of engagement with Stripe OLT. Having them onsite, actively testing our environment and witnessing how they operate, I couldn’t recommend them enough.’

geo
Paul Goodyer - Chief Operations Officer