VA-PT of Educational ERP Management System - Cyber Security Case Study
A growing school ERP platform contracted us to perform a full VAPT, as the system has to handle thousands of users. The client also allowed us to perform VAPT on the web server to look for potential issues. The ERP had 60+ plug-and-play modules, with lakhs of live users and hundreds of clients active on it. The challenge was to perform penetration testing on a live server whose code was being updated on a daily basis.
The gray-box approach was applied, as an initial demo was provided by the client. Scanning was done with automated tools, and the resulting information was used to identify false positives. The filtered information was then used for manual exploitation, to avoid any unintended consequences. For the web server, scanning was performed in an automated manner and exploitation in a manual manner. The outcome of the entire exercise was categorized into high, medium and low severity issues. The primary tests included penetration testing of the web application, server and network. As the system was on a production server handling 3000+ daily transactions, penetration testing was conducted with care that the system must not go down during the daytime.