Web Application Penetration Testing for a European Bank

Financial Services


The Customer is a European bank with $300+ million in total assets and more than 40 national branches. The bank provides a full spectrum of banking services for private and corporate customers.


The bank sought a penetration testing provider to evaluate the overall security of certain web applications and to check whether its customers' sensitive information was properly protected. The bank turned to ScienceSoft, whose experts had carried out information security, fraud protection and penetration testing projects for banks with a worldwide reputation. The applications in scope gave the bank's customers access to everyday banking services and therefore processed and stored personal data (e.g., payment card numbers, transaction details, phone numbers and more).


To carry out comprehensive, high-quality testing of the web applications, ScienceSoft's penetration testers used the OWASP Top 10 as their testing methodology. The OWASP Top 10 covers the most critical security risks to web applications and gives detailed guidance on how to eliminate the vulnerabilities it describes. To ensure accurate results, ScienceSoft's team combined manual testing techniques with automated scanning tools.

The pentesters chose the black-box testing model: the attacks were simulated with Internet access only and without prior knowledge of the applications' internals. This reproduces the real scenario of an external attacker who exploits flaws in the web applications to reach critical data.

During the test, ScienceSoft's specialists applied a range of testing methods to evaluate the resistance of the web apps to SQL injection, cross-site scripting and cross-site request forgery, as well as to detect security misconfigurations, components with known vulnerabilities, unvalidated redirects and forwards, and more. The pentesters also performed brute-force attacks against the login functionality to check the reliability of the authentication controls (password policy, account lockout and rate limiting).
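The unvalidated redirects and forwards class mentioned above, as an added illustration that is not part of the case study and not ScienceSoft's or the bank's own code: a naive post-login redirect handler beside a hardened one, together with the kind of payloads a black-box tester would send to tell them apart. The host name `bank.example`, the `next` parameter and the fallback path are assumptions.

```python
"""Unvalidated redirects and forwards: vulnerable check beside a hardened one.

Added example for illustration only. The application host `bank.example`,
the `next` query parameter and the fallback path are assumed, not taken
from the tested applications.
"""
from urllib.parse import urljoin, urlparse

ALLOWED_HOST = "bank.example"          # assumed host of the banking web app
LOGIN_FALLBACK = "/account/overview"   # assumed safe landing page after login


def vulnerable_redirect_target(next_param: str) -> str:
    """Naive pattern: trust `next` as long as it is non-empty.

    A tester supplies ?next=https://evil.example/login; after a genuine login
    the victim is forwarded to a phishing page that looks like the bank's.
    """
    return next_param or LOGIN_FALLBACK


def safe_redirect_target(next_param: str, host: str = ALLOWED_HOST) -> str:
    """Resolve `next` against the site and accept it only if it stays on-site.

    Covers the usual bypasses seen in testing: absolute URLs to other hosts,
    scheme-relative URLs (//evil.example), backslash variants (/\\evil.example),
    javascript: or data: schemes, and CR/LF or other control characters that
    would allow header injection into the Location header.
    """
    if not next_param:
        return LOGIN_FALLBACK
    candidate = next_param.strip()
    # Browsers treat backslashes in the authority as slashes; normalise first.
    candidate = candidate.replace("\\", "/")
    # Any control character inside the value is rejected outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return LOGIN_FALLBACK
    resolved = urlparse(urljoin(f"https://{host}/", candidate))
    if resolved.scheme != "https" or resolved.netloc != host:
        return LOGIN_FALLBACK
    # Emit a site-relative path so the Location header can never name another host.
    target = resolved.path or "/"
    if resolved.query:
        target += "?" + resolved.query
    return target


# Constructed payloads of the kind sent during a black-box redirect test.
TEST_PAYLOADS = [
    "https://evil.example/login",
    "//evil.example/login",
    "/\\evil.example",
    "javascript:alert(1)",
    "/account/transfer?id=5\r\nSet-Cookie: session=attacker",
    "/account/transfer?id=5",
]

if __name__ == "__main__":
    for payload in TEST_PAYLOADS:
        print(f"{payload!r:60} vulnerable -> {vulnerable_redirect_target(payload)!r}")
        print(f"{'':60} hardened   -> {safe_redirect_target(payload)!r}")
```

The hardened version returns a relative path rather than echoing the validated URL; that way a later refactoring that loosens the host comparison still cannot produce an off-site `Location` header.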

The penetration test revealed several vulnerabilities falling into 4 of the OWASP Top 10 categories. To help the Customer close these gaps in the shortest possible time, ScienceSoft provided a prioritized list of practical remediation measures to restore the required level of security and customer data protection.


ScienceSoft performed 10 different penetration tests to analyze the security of the Customer's web apps. The testing revealed 4 types of vulnerabilities, classified according to the risk levels defined in the methodology. ScienceSoft's experts drew up a detailed remediation plan and recommended that the Customer focus first on the authentication and data validation issues, as these are fundamental to protecting sensitive information.

Technologies and Tools

Methodology: OWASP Top 10.

Tools: Burp Suite, Acunetix, Google Chrome Developer Tools, Python, WPScan, Nessus, Nmap, sqlmap, Metasploit.
