Security Audit of Banking Web, Mobile & API Systems

Client: A consulting company providing full-cycle services for bringing pharmaceutical and medical products to the Eurasian markets
Industry: Healthcare
Focus: Protection of confidential data and compliance with regulatory and partner security requirements
Main challenge: Ensuring compliance with the information security standards of a potential business partner
Market: Eurasian countries
Services provided: Black-box pentest of web resources and infrastructure
Key Takeaways
  • Ensured PCI DSS and ISO 27001 readiness with full-scope testing
  • Prevented DoS attack and mitigated critical vulnerabilities
  • Conducted black-box pentest of two web resources and infrastructure components
  • 2 weeks to complete the testing
  • 19 vulnerabilities identified
  • 100% of project goals achieved
    Is it possible to prepare a global company’s digital assets to meet partnership security requirements in just two weeks? Yes, it is! A consulting company hired Datami to perform a black-box pentest of its web resources and infrastructure. Our team identified 19 vulnerabilities and delivered effective recommendations to enhance cybersecurity.

    The client is an international company that provides consulting services in the pharmaceutical and medical device sectors. It supports brands at every stage of entering the Eurasian markets — from regulatory strategy to certification, marketing, and localization.

    As the company operates in a regulated industry and is partially involved with medical data, information security and compliance with partner requirements and international standards are top priorities.

    Objectives and challenges
    The company approached Datami for security testing as part of its preparation for a strategic partnership. The potential partner had specific information security requirements, and meeting them was a key condition for collaboration.

    The goal of the project was to evaluate the security posture of public-facing digital assets: web resources with UK and UA domains and related infrastructure components.
    • Conduct black-box penetration testing without access to source code or internal systems
    • Identify vulnerabilities, assess their severity, and map out possible attack vectors
    • Deliver a structured report with findings and recommendations to improve security posture

    Penetration testing: External black-box testing of web resources and infrastructure
    Threat identification: Risk analysis of public domains and digital services
    Report and recommendations: Summary of findings and actionable steps to meet partner security requirements
    Our approach

    We applied a black-box pentest — the team had no prior access to source code or internal systems, which allowed us to simulate the actions of a real attacker.

    The assessment covered two web resources with Ukrainian and British domains, along with associated infrastructure components.

    We combined manual and automated techniques, using modern scanners and attack simulation methods.

    Despite limited visibility, the testing successfully identified vulnerabilities of varying severity — from configuration issues to technical flaws.

    Black-box
    The testing was performed without access to internal information — only from the perspective of an external user, closely simulating real-world cyber threats.
    Key project stages and solutions

    During the testing, the Datami team followed a structured approach focused on external testing without access to internal information.

    This ensured maximum realism and allowed us to evaluate the system’s resilience to attacks while meeting the partner’s security requirements.

    • Preparation
      Analysis of public resources, clarification of the scope, and identification of testing priorities.
    • Pentest Execution
      External black-box testing of two web resources and related infrastructure components. A combination of automated scanners and manual verification was used.
    • Analysis and Reporting
      Preparation of a report detailing the discovered vulnerabilities (1 High, 8 Medium, 7 Low, 3 Informational) along with recommendations for remediation and improved protection.
    Results and recommendations

    At the start of the project, the client’s digital assets faced elevated risks: outdated CMS components were discovered, potentially exposing the systems to attack vectors. The public-facing infrastructure lacked adequate protection and access controls.

    During the black-box pentest, the Datami team identified 19 vulnerabilities: 1 high-risk (unauthorized access to the admin panel), 8 medium, 7 low, and 3 informational.

    The client received clear recommendations to improve security, including:

    1. updating all CMS components to the latest versions;
    2. implementing additional access controls for critical areas;
    3. monitoring and configuring event logging;
    4. fixing vulnerabilities in plugins and infrastructure configurations.

    After implementing these recommendations, the risk of cyberattacks was significantly reduced. The company avoided potential reputational and financial losses associated with the leakage of sensitive data.

    The project was completed within two weeks. All critical vulnerabilities were promptly addressed by the client upon receiving the technical report.

    Key project takeaways

    The project gave the company a clear understanding of the cybersecurity status of its digital assets, along with concrete steps to eliminate vulnerabilities and improve compliance with information security standards.

    Penetration testing enabled the client to prepare for partner compliance requirements without risking sensitive data exposure. All project goals were achieved within the planned timeframe.

    • Security posture
      Before the project: High risk due to outdated CMS components and lack of protection
      After implementation: 19 vulnerabilities identified; remediation steps provided
    • Critical vulnerabilities
      Before the project: Risk of unauthorized access to protected areas of web resources
      After implementation: 1 critical issue discovered and promptly resolved by the client
    • Account compromise
      Before the project: Potential due to exposed interfaces and weak configurations
      After implementation: Risk reduced after restricting access and updating systems
    • Security compliance
      Before the project: Partial compliance with partner requirements
      After implementation: Access control strengthened; implementation of recommendations initiated