Revealing Security Issues Often Overlooked by Other Services.
The following case studies show how our customers have used WSSA to secure their networks and save valuable resources.Customer A:
A large CRM solution developer:
This customer's web server was hosted at a large ISP, well protected behind a firewall, content filtering applications, etc. To audit the defenses provided by the ISP, they contracted with Beyond Security to use WSSA for weekly scanning and security reports.
Soon after starting the scans a security vulnerability was identified, but not corrected by the ISP. Two months following the beginning of the scans, an attacker used the vulnerability to place a back door on the server. This provided complete access to the server and enabled the attacker to manipulate the information on that server, as well as use the server to "leap-frog" and attack other servers on the ISP's network from this compromised one.
WSSA's differential reporting immediately highlighted the newly opened back door. The security hole that led to this compromise had been previously reported by WSSA scans, but the administrator had disagreed with the risk severity assigned by WSSA.
Finding this back door just shortly after it was placed saved money and limited the damage caused by this compromise. In fact, the attacker did not have time to do anything other than place the back door, so the typical damage, expense and down time of a break in was avoided due to the quick identification of the incident.
A company providing public services with national security implications.
This company had been conducting quarterly penetration tests using a top data security consulting company and had paid over $20,000 to perform each scan. As a side-check the company used Beyond Security's WSSA service on their external IP addresses. "High Risk" security issues were found during the initial test, issues that would have allowed an attacker to gain full access to the main server.
The company was shocked; especially due to the fact that the periodic (and expensive) penetration tests did not reveal those holes. As further proof that the vulnerability actually existed Customer B requested Beyond Security staff to use it to penetrate the server in order to show the magnitude of the problem. We did so, and our team was able to gain control over their database and add ourselves as a trusted "agent" in the system.
The vulnerability was not discovered during the penetration testing, done just weeks before we scanned, because the test performed was obsolete at the time it was done and did not include the most current attack modes. Customer B was able to quickly fix the issue using the solution provided in the WSSA report.
A governmental office that had been using a well known web application security product.
The customer then contracted with Beyond Security to check the DMZ network for security weaknesses and found that it used a database that had its SQL service open to the outside. This would have allowed anyone who gained access to the DMZ to access the database and exploit vulnerabilities in it to further gain access to the server.
This government office did not know that its DMZ network was running a database in the background, or that this database was gathering sensitive information about their network activities. In addition, the official office policy is not to use any database products without coordinating this with the security officer, and this was clearly in breach of that policy.
The customer contacted their web security company and asked them to fix this security hole immediately, which was previously unknown to the vendor. This customer had additional web sites that were 'protected' with the same tool and they found that all of them suffered the same problem.