+383 (0) 49 686 668 [email protected]

use case

Security Testing & Audit

Penetration Testing & Security Code Reviews

Challenge

A U.S.-based investment firm was performing due diligence on a famous financial exchange platform based in Zug, Switzerland, as part of its acquisition process. The investment firm was interested in acquiring the financial organization as a whole as well as all of its intellectual property, which included a trustless asset exchange, mobile applications for asset management, and the infrastructure on top of which it is built.

Before the firm committed to the acquisition and a multi-million dollar investment, the Sentry team developed a baseline for assessing the security of the asset exchange on a technical level.

Are Applications and all of their components built with security in mind?

  • If yes, do said Applications and all of their components include the security features that have been claimed?
  • If yes, do these security features align with industry standards and best practices?
  • If not, are there any known vulnerabilities or perceived dangers to the said Applications and all of their components?

Are Applications and all of their components following security practices, both technical and procedural, set by credible and expert sources?

  • If yes, are said Applications and all of their components thoroughly tested and/or peer-reviewed by external credible and expert sources?
  • If yes, have said Applications and all of their components been evaluated positively by external credible and expert sources?
  • If not, are there any issues that would compromise the solutions provided by said Applications and all of their components?

Do Applications and all of their components require additional investments regarding security?

  • If yes, do these investments extend beyond the organization’s resources (e.g. external experts, investing in new technologies, enhancing or expanding the current technical/non-technical team)?
  • If yes, are these investments realistic from a technical security standpoint?
  • If not, is there anything that can be utilized/salvaged from existing security implementations to provide added value to current/other business opportunities?

For this due diligence step, the U.S. investment firm asked Sentry to step in and evaluate the potential investment from a security perspective.

 

Solution

To provide satisfactory insights on the inquiries above, we delivered the following:

  1. A general/technical report containing a thorough security analysis of the solution architecture in a live production-grade environment.
  2. A general/technical report containing a thorough security analysis of all supporting technologies implemented in the environment.
  3. A general/technical report illustrating the results of Dynamic Tests for identifying security vulnerabilities, validating security controls, testing security functionality, and identifying mitigation or improvement strategies.
  4. An in-depth/technical report outlining expert peer-reviewed observations, both objective and subjective, specifically aimed at core functionalities – In this case: Cryptography, Programming/Code, Cyber/Information security.
  5. An in-depth/technical analysis of emerging security threats in the foreseeable future that may compromise the solution offered by the project, and/or concept flaws that are apparent in the present.

Success

The analysis performed by Sentry helped the U.S. investor gain clarity on exactly what they were acquiring from a security perspective. Our reports illustrated that while all of the critical security components were built with security in mind, not enough testing and peer-reviewed analysis had been done to assume that the system was safe to use and production ready.

Many of the components had best security practices implemented in them; however, critical vulnerabilities were identified within the codebase of some of the most crucial components. Furthermore, novel security mechanisms had been introduced that have not been thoroughly tested or implemented in the industry. Although the algorithms were innovative and efficient and could be developed as a product on their own, it was found that they did not belong to the financial exchange and would be excluded from the IP acquisition, something that was not disclosed prior to testing and security code reviews.

Our findings have been a game changer for our client, giving Sentry the experience of contributing to a sound multi-million dollar decision. Sentry protected the U.S. investor from an investment with a multitude of hidden security costs and helped point out contractual flaws that could have undermined the future of the investment.

Copyright 2019 Sentry
All Rights Reserved.

Website and Visuals by Mayune