Introduction/Overview
Ubitquity is a leading enterprise blockchain-secured platform for real estate and title recordkeeping. In this industry, securing client data is crucial, which is why Ubitquity puts such a high priority on cybersecurity.
Challenge
As a blockchain-as-a-service company, Ubitquity has a large cyber environment, and because they use cloud providers, the search for a trusted cybersecurity partner was made even harder. Cloud environments are not as easily secured as others, simply because they are newer and there is a knowledge gap in many cybersecurity companies. But with sensitive client data, the team at Ubitquity had to find a robust solution to keep their systems secure.
Solution
Once Ubitquity saw a demo and proof of concept from Red Sentry’s continuous platform, they were sold. They use Red Sentry 24/7/365 to secure their cloud and external assets. If a new vulnerability appears in their environment, they are notified immediately.
Benefit
Ubiquity has a strong security score from Red Sentry, which they can share with their clients.
Result
Ubitquity continues to be a leader in the blockchain space, and while trusting Red Sentry with their offensive cybersecurity, they can focus on innovating for their clients.
Small SaaS Startup hit with $2M ransomware before they even onboard their first client.
SaaS Startup
We strive to bring the best pentest solution, for the cheapest price. And did we mention that we are fast?
We have been making offensive cybersecurity YouTube videos and would love to share our knowledge with you!
Watch YouTubeBelow are just some of the reasons why you should choose Red Sentry.
We make the process smooth. We have no lead times (for those ASAP pentests).
Your PM will communicate with your team throughout the pentest process.
There are no hidden fees or overage fees. The price you see, is what you get.
We offer a retest once you patch up any vulnerabilities.
We make pentesting affordable by cutting out any fluff hourage.
We report all criticals and highs to your team immediately during testing.
Save time, avoid false positives, truly operationalize security, and manage costs.
Check out our pentesting options below.
Once access to the mobile application is granted, all of the models/API endpoints are enumerated, if applicable, the source code is analyzed to look for misconfigurations and sensitive data exposed, the technology stack used is analyzed as well to look for potential CVEs, and the permissions schema is tested to look for broken access controls and privilege escalation possibilities. Overall, the test is conducted following the OWASP Top 10 Mobile methodology.
After scoping, the assessment team tries to access every page of the application and look for the different requests made. From that list, a set of possible attacks is made and then executed to prove impact. A usual requirement here is to look for vulnerabilities that allow a basic user to access either to an admin’s or to another user’s data.
A cloud engagement will look for different misconfigurations inside a Cloud environment that can turn a malicious insider task much easier. The assessment team will look for issues related to the authentication mechanism being used and the virtual assets inside the infrastructure, like database instances, containers, storage buckets and running applications. We will need access to the cloud environment with read only or security audit access to conduct testing. After we gain access to the Cloud, we run a couple of tools to look for both technical and user-generated misconfigurations.
After scoping, an asset discovery is performed to collect all of the active host + port combinations. Once done, we start looking for potential exploits either by searching CVEs associated with the technology stack behind the service running on a certain port, or by performing a set of standard attacks.
Additionally, we look for breached credentials which are still valid on different platforms.
We use different techniques to map the
inside network and then go through a discovery process where we look for privilege
escalation, targets for brute-force attacks, control over traffic data and common
vulnerabilities which could give us access to sensitive information that a regular
user shouldn’t have access to. Depending on the approach chosen, those
vulnerabilities could then be exploited as well.