A major financial institution in Georgia serves over 500,000 clients through mobile applications, web portals, and APIs. The company handles sensitive data and operates in a regulated industry governed by PCI DSS and ISO/IEC 27001 standards.
Information security is critical to preventing data leaks, financial fraud, and unauthorized access, while regular security assessments help strengthen cyber resilience.
Before testing, we analyzed the client’s technical documentation to accurately model potential threats.
The team conducted black-box and gray-box penetration testing of the bank’s key digital services, along with a security code review of selected components. Datami tested web portals, mobile applications, APIs, internal infrastructure, and POS terminals.
We combined automated scanners with manual testing, applying OWASP Top 10, MITM analysis, fuzzing, and custom scripts. We assessed configurations, authorization mechanisms, and component interactions with partial access to the client’s infrastructure, simulating the most likely attack vectors in a real-world environment.
Throughout the process, Datami adapted the work plan to fit the specifics of the infrastructure, delays in access provisioning, and newly added testing targets that emerged after the project began.
The team rotated IP addresses during scanning to avoid being blocked. Temporary privilege escalation was approved, and tunnels were created through restricted zones to reach isolated systems.
Every
Before the project, the client had a fairly secure system, but testing revealed a number of critical and high-risk issues, including the absence of CAPTCHA and DoS protection, weak security event monitoring, and vulnerable access points via APIs.
The Datami team identified 106 vulnerabilities: 7 critical, 15 high, 44 medium, 36 low, and 4 informational. Among them, a potential DoS attack on the call center — through mass creation of callback requests — was discovered and blocked.
The client promptly implemented initial measures: some of the issues were resolved within 48 hours.
Due to the scale and complexity of the infrastructure, the project lasted 5 months, including additional targets that appeared during the course of work.
The project helped the banking institution identify critical vulnerabilities in a timely manner, prevent a DoS attack on the call center, and strengthen the protection of client-facing services.
The client received an in-depth security assessment and practical recommendations from Datami on how to eliminate vulnerabilities and enhance cybersecurity.
This case study confirms that even well-protected financial companies require regular penetration testing and security code review to reduce risks and stay compliant.