(929) 590-5818 [email protected]
en
en

Case Study: Consulting Company Security Test

Client:
A consulting company providing full-cycle services for bringing pharmaceutical and medical products to the Eurasian markets
Industry:
Healthcare
Focus:
Protection of confidential data and compliance with regulatory and partner security requirements
Main challenge:
Ensuring compliance with the information security standards of a potential business partner
Market:
Eurasian countries
Services provided:
Black-box pentest of web resources and infrastructure
Key Takeaways
  • Identified 19 vulnerabilities, including 1 critical, and 8 medium
  • Provided security compliance recommendations
  • Conducted black-box pentest of two web resources and infrastructure components
    • 2
    weeks to complete the testing
    19
    vulnerabilities identified
    100%
    of project goals achieved
    Case Study: Consulting Company Security Test
    Jun 6, 2025
    14 min
    Is it possible to prepare a global company’s digital assets to meet partnership security requirements in just two weeks? Yes, it is! A consulting company hired Datami to perform a black-box pentest of its web resources and infrastructure. Our team identified 19 vulnerabilities and delivered effective recommendations to enhance cybersecurity.

    The client is an international company that provides consulting services in the pharmaceutical and medical device sectors. It supports brands at every stage of entering the Eurasian markets — from regulatory strategy to certification, marketing, and localization.

    As the company operates in a regulated industry and is partially involved with medical data, information security and compliance with partner requirements and international standards are top priorities.

    Objectives and challenges
    The company approached Datami for a security testing as part of its preparation for a strategic partnership. The potential partner had specific information security requirements — meeting them was a key condition for collaboration.

    The goal of the project was to evaluate the security posture of public-facing digital assets: web resources with UK and UA domains and related infrastructure components.
    • Conduct black-box penetration testing without access to source code or internal systems
    • Identify vulnerabilities, assess their severity, and map out possible attack vectors
    • Deliver a structured report with findings and recommendations to improve security posture
    icon
    Penetration testing
    External black-box testing of web resources and infrastructure
    icon
    Threat identification
    Risk analysis of public domains and digital services
    icon
    Report and recommendations
    Summary of findings and actionable steps to meet partner security requirements
    Datami Methodology: Security Testing of Digital Infrastructure
    Our approach

    We applied a black-box pentest — the team had no prior access to source code or internal systems, which allowed us to simulate the actions of a real attacker.

    The assessment covered two web resources with Ukrainian and British domains, along with associated infrastructure components.

    We combined manual and automated techniques, using modern scanners and attack simulation methods.

    Despite limited visibility, the testing successfully identified vulnerabilities of varying severity — from configuration issues to technical flaws.

    Black-box
    Black-box
    The testing was performed without access to internal information — only from the perspective of an external user, closely simulating real-world cyber threats.
    Key project stages and solutions

    During the testing, the Datami team followed a structured approach focused on external testing without access to internal information.

    This ensured maximum realism and allowed us to evaluate the system’s resilience to attacks while meeting the partner’s security requirements.

    • Preparation
      Analysis of public resources, clarification of the scope, and identification of testing priorities.
    • Pentest Execution
      External black-box testing of two web resources and related infrastructure components. A combination of automated scanners and manual verification was used.
    • Analysis and Reporting
      Preparation of a report detailing the discovered vulnerabilities (1 High, 8 Medium, 7 Low, 3 Informational) along with recommendations for remediation and improved protection.
    Cybersecurity starts with action
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Fewer critical risks — more confidence
    Results and recommendations

    At the start of the project, the client’s digital assets faced elevated risks: outdated CMS components were discovered, potentially exposing the systems to attack vectors. The public-facing infrastructure lacked adequate protection and access controls.

    During the black-box pentest, the Datami team identified 19 vulnerabilities: 1 high-risk (unauthorized access to the admin panel), 8 medium, 7 low, and 3 informational.

    The client received clear recommendations to improve security, including:

    1. updating all CMS components to the latest versions;
    2. implementing additional access controls for critical areas;
    3. monitoring and configuring event logging;
    4. fixing vulnerabilities in plugins and infrastructure configurations.

    After implementing these recommendations, the risk of cyberattacks was significantly reduced. The company avoided potential reputational and financial losses associated with the leakage of sensitive data.

    The project was completed within two weeks. All critical vulnerabilities were promptly addressed by the client upon receiving the technical report.

    Our certificates
    Key project takeaways

    This case study demonstrated how the project provided the company with a clear understanding of the cybersecurity status of its digital assets, along with concrete steps to eliminate vulnerabilities and improve compliance with information security standards.

    Penetration testing enabled the client to prepare for partner compliance requirements without risking sensitive data exposure. All project goals were achieved within the planned timeframe.

    Aspect
    Before the project
    After implementation
    Security posture
    High risk due to outdated CMS components and lack of protection
    19 vulnerabilities identified; remediation steps provided
    Critical vulnerabilities
    Risk of unauthorized access to protected areas of web resources
    1 critical issue discovered and promptly resolved by the client
    Account compromise
    Risk of unauthorized access to protected areas of web resources
    1 critical issue discovered and promptly resolved by the client
    Account compromise
    Potential due to exposed interfaces and weak configurations
    Risk reduced after restricting access and updating systems
    Security compliance
    Partial compliance with partner requirements
    Access control strengthened; implementation of recommendations initiated
    More success stories with Datami
    Browse other project case studies
    Pentest and Protection of Platform from DDoS

    Pentest and Protection of Platform from DDoS

    • Discovered 30 vulnerabilities in two web applications
    • Implemented DataGuard and Cloudflare for DDoS protection
    Services:
    Black-box web app pentesting, implementation of Dataguard
    Jul 8, 2025
    P2P Platform Case Study: GDPR Compliance Audit

    P2P Platform Case Study: GDPR Compliance Audit

    • Improved GDPR compliance and avoided potential losses
    • Identified 10 vulnerabilities, including 3 critical ones
    Services:
    Penetration testing, smart contract audit, code security review
    Jun 27, 2025
    Payment System Pentest for PCI DSS Compliance

    Payment System Pentest for PCI DSS Compliance

    • Discovered 15 vulnerabilities, including 5 critical issues
    • Improved attack resilience by 85%
    Services:
    Black-box pentest web applications, servers
    May 30, 2025
    Back to all cases
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Automation vs. Pentesters: Can AI Replace Humans? Datami Newsroom
    Datami Newsroom

    Automation vs. Pentesters: Can AI Replace Humans?

    Every year, companies are increasingly integrating automated tools into their cybersecurity processes. Automation is just one auxiliary tool that comes with both advantages and disadvantages that must be kept in mind.

    Jul 25, 2025 3 min
    Aviation and Cyber Threats: TOP Hacker Attacks on Airports and Aircraft Datami Newsroom
    Datami Newsroom

    Aviation and Cyber Threats: TOP Hacker Attacks on Airports and Aircraft

    The aviation industry is one of the most technologically advanced sectors, significantly influenced by digitalization. At the same time, this increases its vulnerability to cyber threats, which can have catastrophic consequences.

    Jul 23, 2025 3 min
    TOP-5 Cyber Threats for Gamers: What You Need to Know in 2025 Datami Newsroom
    Datami Newsroom

    TOP-5 Cyber Threats for Gamers: What You Need to Know in 2025

    Gaming is a billion-dollar market with big money in circulation, which makes gamers a prime target for cybercriminals. Even in a game, users can lose personal data, money, or access to their accounts.

    Jul 21, 2025 3 min
    Show all articles
    Order a free consultation
    By submitting this form, I confirm that I have read and agree to the Privacy policy
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy