The client is an international company that provides consulting services in the pharmaceutical and medical device sectors. It supports brands at every stage of entering the Eurasian markets — from regulatory strategy to certification, marketing, and localization.
As the company operates in a regulated industry and is partially involved with medical data, information security and compliance with partner requirements and international standards are top priorities.
We applied a black-box pentest — the team had no prior access to source code or internal systems, which allowed us to simulate the actions of a real attacker.
The assessment covered two web resources with Ukrainian and British domains, along with associated infrastructure components.
We combined manual and automated techniques, using modern scanners and attack simulation methods.
Despite limited visibility, the testing successfully identified vulnerabilities of varying severity — from configuration issues to technical flaws.
During the testing, the Datami team followed a structured approach focused on external testing without access to internal information.
This ensured maximum realism and allowed us to evaluate the system’s resilience to attacks while meeting the partner’s security requirements.
Every
At the start of the project, the client’s digital assets faced elevated risks: outdated CMS components were discovered, potentially exposing the systems to attack vectors. The public-facing infrastructure lacked adequate protection and access controls.
During the black-box pentest, the Datami team identified 19 vulnerabilities: 1 high-risk (unauthorized access to the admin panel), 8 medium, 7 low, and 3 informational.
The client received clear recommendations to improve security, including:
After implementing these recommendations, the risk of cyberattacks was significantly reduced. The company avoided potential reputational and financial losses associated with the leakage of sensitive data.
The project was completed within two weeks. All critical vulnerabilities were promptly addressed by the client upon receiving the technical report.
This case study shows how the project gave the company a clear understanding of the cybersecurity status of its digital assets, along with concrete steps to eliminate vulnerabilities and improve compliance with information security standards.
Penetration testing enabled the client to prepare for partner compliance requirements without risking sensitive data exposure. All project goals were achieved within the planned timeframe.