
Case Study: Consulting Company – Security Testing of Web Resources and Infrastructure

Client:
A consulting company providing full-cycle services for bringing pharmaceutical and medical products to the Eurasian markets
Industry:
Healthcare
Focus:
Protection of confidential data and compliance with regulatory and partner security requirements
Main challenge:
Ensuring compliance with the information security standards of a potential business partner
Market:
Eurasian countries
Services provided:
Black-box pentest of two web resources with different domain zones (UA and UK), and assessment of related infrastructure components
Key Takeaways
  • Conducted black-box pentest of two web resources and infrastructure components
  • Identified 19 vulnerabilities: 1 critical, 8 medium, 7 low, and 3 informational
  • Delivered a detailed technical report with recommendations to meet security standards
  • 2 weeks to complete the testing
  • 19 vulnerabilities identified
  • 100% of project goals achieved
    Is it possible to prepare a global company’s digital assets to meet partnership security requirements in just two weeks? Yes, it is! A consulting company hired Datami to perform a black-box pentest of its web resources and infrastructure. Our team identified 19 vulnerabilities and delivered effective recommendations to enhance cybersecurity.

    The client is an international company that provides consulting services in the pharmaceutical and medical device sectors. It supports brands at every stage of entering the Eurasian markets — from regulatory strategy to certification, marketing, and localization.

    As the company operates in a regulated industry and is partially involved with medical data, information security and compliance with partner requirements and international standards are top priorities.

    Objectives and challenges
    The company approached Datami for security testing as part of its preparation for a strategic partnership. The potential partner had specific information security requirements — meeting them was a key condition for collaboration.

    The goal of the project was to evaluate the security posture of public-facing digital assets: web resources with UK and UA domains and related infrastructure components.
    • Conduct black-box penetration testing without access to source code or internal systems
    • Identify vulnerabilities, assess their severity, and map out possible attack vectors
    • Deliver a structured report with findings and recommendations to improve security posture
    Penetration testing
    External black-box testing of web resources and infrastructure
    Threat identification
    Risk analysis of public domains and digital services
    Report and recommendations
    Summary of findings and actionable steps to meet partner security requirements
    Our approach

    We applied a black-box pentest — the team had no prior access to source code or internal systems, which allowed us to simulate the actions of a real attacker.

    The assessment covered two web resources with Ukrainian and British domains, along with associated infrastructure components.

    We combined manual and automated techniques, using modern scanners and attack simulation methods.

    Despite limited visibility, the testing successfully identified vulnerabilities of varying severity — from configuration issues to technical flaws.

    Black-box
    The testing was performed without access to internal information — only from the perspective of an external user, closely simulating real-world cyber threats.
    Key project stages and solutions

    During the testing, the Datami team followed a structured approach focused on external testing without access to internal information.

    This ensured maximum realism and allowed us to evaluate the system’s resilience to attacks while meeting the partner’s security requirements.

    • Preparation
      Analysis of public resources, clarification of the scope, and identification of testing priorities.
    • Pentest Execution
      External black-box testing of two web resources and related infrastructure components. A combination of automated scanners and manual verification was used.
    • Analysis and Reporting
      Preparation of a report detailing the discovered vulnerabilities (1 High, 8 Medium, 7 Low, 3 Informational) along with recommendations for remediation and improved protection.
    Results and recommendations

    At the start of the project, the client’s digital assets faced elevated risks: outdated CMS components were discovered, potentially exposing the systems to attack vectors. The public-facing infrastructure lacked adequate protection and access controls.

    During the black-box pentest, the Datami team identified 19 vulnerabilities: 1 high-risk (unauthorized access to the admin panel), 8 medium, 7 low, and 3 informational.

    The client received clear recommendations to improve security, including:

    1. updating all CMS components to the latest versions;
    2. implementing additional access controls for critical areas;
    3. monitoring and configuring event logging;
    4. fixing vulnerabilities in plugins and infrastructure configurations.

    After implementing these recommendations, the risk of cyberattacks was significantly reduced. The company avoided potential reputational and financial losses associated with the leakage of sensitive data.

    The project was completed within two weeks. All critical vulnerabilities were promptly addressed by the client upon receiving the technical report.

    Key project takeaways

    This case study demonstrated how the project provided the company with a clear understanding of the cybersecurity status of its digital assets, along with concrete steps to eliminate vulnerabilities and improve compliance with information security standards.

    Penetration testing enabled the client to prepare for partner compliance requirements without risking sensitive data exposure. All project goals were achieved within the planned timeframe.

    Comparison by aspect (before the project / after implementation):

    • Security posture
      Before the project: High risk due to outdated CMS components and lack of protection
      After implementation: 19 vulnerabilities identified; remediation steps provided
    • Critical vulnerabilities
      Before the project: Risk of unauthorized access to protected areas of web resources
      After implementation: 1 critical issue discovered and promptly resolved by the client
    • Account compromise
      Before the project: Potential due to exposed interfaces and weak configurations
      After implementation: Risk reduced after restricting access and updating systems
    • Security compliance
      Before the project: Partial compliance with partner requirements
      After implementation: Access control strengthened; implementation of recommendations initiated