Penetration Testing Against Information Security Risks for ING Bank

Vulnerability assessment and penetration testing to strengthen the security of Ukrainian branch of ING bank

Business Challenge 

Aiming to enhance the protection of the online services against cyberattacks, ING Bank Ukraine needed to identify all security weaknesses of the utilized web applications and mitigate the risk of misusing the network services. 

As a security consulting company, Tietoevry Create Ukraine (formerly Infopulse) needed to: 

  • Perform the evaluation of security risks for the business-critical web applications and network services 
  • Provide detailed recommendations on the improvement of the security level of information systems.  

Solution 

The security testing approach suggested by Infopulse was based on the OWASP security testing guidelines. 

Our partners presented a complex solution to ING Bank Ukraine, which included: 

  • Analysis of the information from public resources 
  • Vulnerability Assessment: discovering all vulnerabilities in the target web and application servers with the use of known automated tools, e.g. Web Inspect, and the developed specific tests 
  • Black Box and White Box penetration testing 
  • Controlled hacking of the target systems by experts certified in information security, with the aim of confirming the identified vulnerabilities and discovering the undetected ones.  

Technologies & Tools 

  • OSSTMM 
  • OWASP 
  • Offensive Security 
  • SANS 
  • ISSAF 
  • ISACA 

Business Value 

  • Black Box and White Box penetration testing reports 
  • A detailed report comprising the list of vulnerabilities and configuration weaknesses, which could be exploited in the network access points 
  • Recommendations on countermeasures 
  • Informing the bank’s management team on the existing information security risks.  

Nowadays, the majority of processes in the banking industry are digitalized, and information systems security level is an important indicator of the reliability of a financial establishment. Paying particular attention to the protection of our clients’ and partners’ confidential information, ING Bank Ukraine regularly conducts security audits and chooses contractors carefully. Our partners provided security risks evaluation and presented detailed recommendations on the improvement of our information systems’ security level.

- Alexandr Matsera, Senior Officer of the Informational and Operational Risk Management Department at ING Bank Ukraine 

Share on Facebook Share on Threads Share on LinkedIn