We performed a thorough white-box analysis of the systems. We focused on the technologies used and on possible vulnerabilities, and worked on finding newer, safer electronic solutions.
We analysed:
- system and network documentation
- the technical side of the systems and their IT environment
- correctness and comprehensiveness of the security infrastructure
- effectiveness of security solutions
- IT systems for threats such as network attacks, data transmission hazards, application threats, communication threats, technical malfunctions, cryptographic threats and human errors
We analysed the source code and technologies used in each system, such as:
JavaScript | MongoDB | Python | Open edX | Apache Kafka | Java | Spring
Keycloak Java | Spring Security | LDAP | MySQL | Angular | TypeScript
Lucene | Elasticsearch | Oracle | Oracle Business Intelligence EE
Oracle Data Integrator | Hadoop | Spring Boot | Apache CXF | Java 8
Struts 1.3 + JSP | JSF2/EJB/CDI + PrimeFaces | WildFly 10 | Oracle 12c
In the last stage of the audit, we performed control tests to check that the relevant IT systems were installed and configured correctly.
The control tests consisted of:
- Network layer audit
- Operating system layer audit (servers, matrices, libraries)
- Database layer audit
- Penetration tests performed inside the client’s office, to identify the possibility of successfully breaching the security systems from NIP’s HQ.