A major energy corporation in Ukraine operates across the full energy cycle: generating electricity from solar, wind, and thermal power plants; extracting coal and gas; engaging in energy trading; distributing electricity; and developing a nationwide network of charging stations.
The company operates in the field of critical infrastructure, processes confidential personal and corporate data, and complies with regulatory requirements, making information security a strategic priority.
A combined penetration test was conducted using both gray-box and white-box approaches. We applied both static and dynamic analysis, combining manual and automated methods. Constant communication with the client was maintained, as unstable application performance complicated the testing process.
During testing, the team managed to bypass corporate network restrictions and discovered Wi-Fi access through an unprotected device. This made it possible to demonstrate real attack vectors.
The Datami team first conducted static and dynamic testing of the mobile applications, followed by an assessment of the company’s internal infrastructure, with particular focus on the Wi-Fi network and access policies. During the process, the team had to adapt to technical issues with the applications and clarify testing scenarios.
Every
During the security assessment at , the Datami team identified several critical, as well as a number of medium and low vulnerabilities in mobile applications and internal infrastructure. Some of the risks were related to network access and security policy configurations. During the testing process, our penetration testers also noted issues in application functionality.
As a result, the client received a detailed technical report and a recommended action plan, including:
After implementing the recommendations, a reduction in the risk of data leakage and unauthorized access is expected.
As a result of the collaboration with Datami, the organization received a detailed technical report, an assessment of the security level of its mobile applications and network infrastructure, and recommendations for vulnerability remediation.
The testing was completed within the planned timeframe — 4–5 weeks.
This case study confirms the importance of regular penetration testing for critical infrastructure companies — both for security control and regulatory compliance.
Web applications are targeted by attacks every day - from simple scanners to deliberate breaches. To understand how vulnerable a web application is and how to protect it from hackers’ actions, a special assessment is conducted - penetration testing (pente
Microsoft announced a new update to Defender for Office 365 that automatically detects and blocks email bombing attacks. The rollout started in June, and most users will receive the feature by mid-July 2025.
Cloudflare reported that it stopped the most powerful UDP flood DDoS attack aimed at exhausting system resources. In 35 seconds, the attackers flooded the company with traffic at 11.5 Tbit/s.