(929) 590-5818 [email protected]
en
en

Security Testing of Mobile App & Internal Network

Client:
The private investor in Ukraine’s energy sector
 
Industry:
Energy
Focus:
Security assessment of mobile applications and network infrastructure as part of the annual audit
 
Main challenge:
Identifying potential vulnerabilities that could lead to data leakage
Market:
Local (Ukraine)
Services provided:
Mobile app pentesting, infrastructure pentesting
Key Takeaways
  • Simulated attack via public Wi-Fi to expose real-world risks
  • Identified critical issues across app, API, and infrastructure
  • Gray-box and white-box penetration tests were conducted using both automated and manual methods
  • A report was prepared with recommendations to strengthen cybersecurity
    • 2
    strategies used for penetration testing
    < 5
    weeks total testing time
    A report
    with recommendations was prepared
    Security Testing of Mobile App & Internal Network
    Mar 7, 2025
    How can you be sure your critical infrastructure is truly secure? Penetration testing is one of the most effective ways to verify it in practice. During a scheduled security assessment, Datami specialists discovered several vulnerabilities in the client company’s mobile applications and internal infrastructure. Thanks to the penetration test, a potential data breach was prevented.

    A major energy corporation in Ukraine operates across the full energy cycle: generating electricity from solar, wind, and thermal power plants; extracting coal and gas; engaging in energy trading; distributing electricity; and developing a nationwide network of charging stations.

    The company operates in the field of critical infrastructure, processes confidential personal and corporate data, and complies with regulatory requirements, making information security a strategic priority.

    Tasks and challenges
    Datami was engaged to conduct a scheduled penetration test of mobile applications and internal infrastructure as part of an annual security assessment. The objective was to identify potential threats to digital assets that process confidential information and to provide technical recommendations for strengthening the protection of critical infrastructure.
    • Conduct gray-box penetration testing of mobile applications for clients and employees
    • Test the internal network (white-box), including Wi-Fi, with a focus on access policies
    • Provide a technical report with findings and recommendations to mitigate risks
       
    icon
    Web pentest + mobile pentest
    Gray-box testing with user and administrator accounts
    icon
    Infrastructure pentest
    Review of network restrictions, access controls, and security configurations
    icon
    Report and recommendations
    Document with identified risks and recommendations for mitigation
    Datami Methodology: Security Assessment of Critical Infrastructure
    Our approach

    A combined penetration test was conducted using both gray-box and white-box approaches. We applied both static and dynamic analysis, combining manual and automated methods. Constant communication with the client was maintained, as unstable application performance complicated the testing process.

    During testing, the team managed to bypass corporate network restrictions and discovered Wi-Fi access through an unprotected device. This made it possible to demonstrate real attack vectors.

    White-box
    White-box
    Internal infrastructure testing with access to network configurations and policies
     
    Gray-box
    Gray-box
    Mobile application testing using administrator and user accounts, without full access to the source code
     
    Key work stages and solutions

    The Datami team first conducted static and dynamic testing of the mobile applications, followed by an assessment of the company’s internal infrastructure, with particular focus on the Wi-Fi network and access policies. During the process, the team had to adapt to technical issues with the applications and clarify testing scenarios.

    • Preparation
      Analysis of initial data, access levels, and testing scenarios; selection of tools for mobile and network testing
       
    • Security testing
      Gray-box testing of mobile applications and white-box assessment of Wi-Fi and internal network; network restriction bypass; detection of configuration vulnerabilities
       
    • Analysis and reporting
      Preparation of a technical report detailing critical and medium vulnerabilities, along with recommendations for mitigation
       
    Cybersecurity starts with action
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Fewer critical risks — more confidence
    Results and recommendations

    During the security assessment at , the Datami team identified several critical, as well as a number of medium and low vulnerabilities in mobile applications and internal infrastructure. Some of the risks were related to network access and security policy configurations. During the testing process, our penetration testers also noted issues in application functionality.

    As a result, the client received a detailed technical report and a recommended action plan, including:

    1. Remediation of vulnerabilities in mobile applications
    2. Restriction of Wi-Fi access and protection of public devices
    3. Review and update of network access policies
    4. Strengthening control over internal privileges

    After implementing the recommendations, a reduction in the risk of data leakage and unauthorized access is expected.

    Our certificates
    Key project results

     

    As a result of the collaboration with Datami, the organization received a detailed technical report, an assessment of the security level of its mobile applications and network infrastructure, and recommendations for vulnerability remediation.

    The testing was completed within the planned timeframe — 4–5 weeks.

    This case study confirms the importance of regular penetration testing for critical infrastructure companies — both for security control and regulatory compliance.

    Direction
    Before the project
    After implementation
    Security status
    Limited visibility into mobile applications and the network
    A number of critical, medium, and low vulnerabilities identified; remediation plan developed
    Critical vulnerabilities
    Not previously detected or considered
    Identified during the penetration test
    Wi-Fi access
    Public devices could store confidential passwords
    Recommended to restrict access and review interaction points
    Security compliance
    Partial compliance with expectations
    Improved transparency and access control
    Timeline
    Planned — 4–5 weeks
    Completed on time, including additional checks
    More success stories with Datami
    Browse other project case studies
    DDoS Protection and 24/7 Cyber Monitoring

    DDoS Protection and 24/7 Cyber Monitoring

    • Implemented the DataGuard solution based on Cloudflare to protect the website
    • Established reliable protection against DDoS attacks and bot traffic
    Services:
    Implementation of DataGuard and Cloudflare, 24/7 monitoring
    Aug 8, 2025
    Website Protection from DDoS Attacks

    Website Protection from DDoS Attacks

    • Implemented the DataGuard solution for website protection
    • DDoS protection deployed within 3 days
    Services:
    Website protection with DataGuard (Cloudflare), continuous monitoring, Cloudflare infrastructure management
    Aug 8, 2025
    Protection of E-commerce Websites From DDoS via DataGuard

    Protection of E-commerce Websites From DDoS via DataGuard

    • Implemented DataGuard to protect from DDoS attacks
    • Enabled rapid incident response
    Services:
    24/7 cybersecurity monitoring, integration with Cloudflare
     
    Aug 7, 2025
    Back to all cases
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Cloudflare Repelled a Record DDoS Attack of 11.5 Tbit/s Datami Newsroom
    Datami Newsroom

    Cloudflare Repelled a Record DDoS Attack of 11.5 Tbit/s

    Cloudflare reported that it stopped the most powerful UDP flood DDoS attack aimed at exhausting system resources. In 35 seconds, the attackers flooded the company with traffic at 11.5 Tbit/s.

    Sep 5, 2025 2 min
    The Myth of HTTPS Reliability: How Encryption Can Mislead Users Datami Newsroom
    Datami Newsroom

    The Myth of HTTPS Reliability: How Encryption Can Mislead Users

    Among internet users, a long-standing myth has taken hold: if a website has the HTTPS mark - that is, a padlock in the address bar and the letter S after “http” - it means the resource is safe and trustworthy. But in reality, the situation is much more co

    Sep 3, 2025 3 min
    Dangerous Calendar: A New Tool for Phishing Attacks Datami Newsroom
    Datami Newsroom

    Dangerous Calendar: A New Tool for Phishing Attacks

    Did you know that an ordinary calendar can become a tool for a hacker attack? Google researchers discovered that the hacker group APT41 is using Google Calendar to send commands to infected systems.

    Sep 2, 2025 3 min
    Show all articles
    Order a free consultation
    By submitting this form, I confirm that I have read and agree to the Privacy policy
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy