We don't just react to the customer's requirements; we look for the solution that will have the maximum benefit.
A Czech bank with a foreign owner wanted to test its internet and mobile banking through penetration tests. The bank selected AEC in the tendering procedure.
After carrying out an initial analysis of the bank's environment, we proposed extending the tests to the bank's other applications and verifying a wider range of possible attacks.
Within two hours, we got into the bank's internal network through several applications and gained full access to it. During normal operation, we did the same thing within fifteen minutes at the customer information terminals at the affiliates. The breach was very fast because of a number of errors in the applications being used. We proposed modifications that would make these applications resistant to possible attacks, so that the bank would not have to replace them with other applications.
Given the number of errors that were found, the IT management asked us to find out whether there had been any attacks on the network in the past that they didn't know about and that may have led to theft of customers' data. Luckily, there was no evidence that could prove that an attack had happened.
The bank not only made sure that its critical data had not been abused, but thanks to the security changes that were made, such abuse should never happen.