Casos de éxito
Conoce cómo ayudamos a organizaciones de distintos sectores a fortalecer su postura de ciberseguridad, prevenir ataques y responder ante incidentes críticos
Pentesting for the GRIN Portal
VERDE is the largest savings and credit union in Uruguay and was founded in 1972. It is an organization made up of more than 290,000 members, with agencies in three departments, and promotion points across the country.
Necessity
VERDE undertook an ambitious project to improve its digital services. Supervised by the Central Bank of Uruguay, the cooperative sought to develop an innovative web portal that would not only facilitate the management of its members' finances, but would also guarantee the security of their data. A crucial part of this project was an exhaustive Pentesting process to ensure the integrity of the application.
Solution
To ensure that the application met appropriate safety standards, a Pentesting process with a white box approach was carried out. This process included:
- Carrying out a comprehensive vulnerability analysis.
- Planning and execution of Pentesting using third-party and proprietary tools, complemented by detailed manual analyses.
- Delivery of a comprehensive report containing findings, identified risks and recommendations for remediation.
The methodology of the latest version of the OWASP Web Security Testing Guide was followed. In this process, critical aspects were evaluated such as:
- Configuration and deployment
- Identity Management
- Authentication and Authorization
- Session Management
- Validating entries
- Error Handling
- Cryptography
- Business logic
- Client-side weaknesses
- APIs
Outturn
The project successfully culminated in a significant improvement in the security of the GRIN portal. Through an Ethical Hacking process, critical vulnerabilities were identified and mitigated, ensuring that the application met appropriate security standards.
Two comprehensive reviews were carried out, focused on the analysis of access controls and the protection of sensitive information both in transit and at rest. These revisions included special attention to key functionalities, such as loan and transaction management, ensuring that these operations will be executed in a secure and accurate manner, safeguarding user data and internal operations.
This work not only strengthened the security of the portal and its internal communications, but it also established a robust framework that will allow GRIN to face future challenges with confidence. It also underlines the importance of carrying out continuous security reviews and taking proactive measures to protect digital assets and preserve operational integrity.
Additionally, the process made it possible to identify and correct abnormal behaviors, reinforcing the security posture from the start. This included the recognition of key points of failure, the implementation of effective solutions and their consideration in future improvements or new functionality.
“Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed porttitor, libero vitae fringilla imperdiet, nibh tellus iaculis ligula, eu semper justo nisl non metus.”
Otros casos
.png)
The Censo de Población, Hogares y Viviendas, conducted by the Instituto Nacional de Estadísticas (INE), is the main tool for determining the number of inhabitants, households, and dwellings in Uruguay, as well as for collecting statistical information on living conditions, sociocultural levels, and the population’s needs.