ethicalhacker.ro

Global Pharma — External & Web App Pentest

Pharmaceuticals (Global)External network, 3 internet-facing web apps3 weeks2024-09

Reduced critical findings from 4 to 0 in 14 days across external network and web applications for a global pharma client.

Global Pharma — External & Web App Pentest (Anonymized)

Industry: Pharmaceuticals (Global)
Scope: External network, 3 internet-facing web apps
Duration: 3 weeks

Methods

Recon + attack surface mapping

Auth & session testing

Injection & deserialization checks

S3-style storage policy review

Key Findings

Critical: IDOR enabled cross-account data access

High: JWT alg=none downgrade in legacy microservice

Medium: TLS misconfig (weak ciphers, missing HSTS)

Outcomes (Metrics)

External critical reduced: 4 → 0 (14 days)

Mean time to patch: 7 days

Added CSP w/ nonces; blocked reflected XSS class

Testimonial

> “Found issues our scanners missed, with fixes we could ship in a sprint.” — CISO, Global Pharma

Download Redacted Report Sample Request Penetration Test Quote

Global Pharma — External & Web App Pentest | ethicalhacker.ro