Client is a main worldwide supplier of review and confirmation, counselling, monetary warning, hazard warning, charge, and related services.
Audit and assurance, consulting, financial advising, risk advisory, tax, and associated services are the major areas of business for the customer. And they save this data on their role-based internal portal, which contains all sensitive client data (salary, business details, balance sheet, etc.). Because this portal is utilised and accessible from a variety of locations throughout the world, it is necessary to do security tests on it.
The attacker model must be defined (internal or external, enabled rights and privileges),
Goals, source data, scope of work, and testing targets must all be defined,
determining the target environment's breadth, Creating a methodology for testing and Procedures for engagement and communication are being defined.
The penetration tester was able to conduct a complete assessment for security holes in the Customer's network using a combination of automation for deep network scanning and human approaches for vulnerability exploitation.