Data Leakage Could be Avoided
One of the leading property agency groups operated in the greater China region for almost 50 years and is also the Hong Kong stock exchange’s member. As of the year 2018, they have over 600 branches and employed around 800 employees.
The company provides brokers’ buy-and-sell, rental transactions, mortgage brokerage services, and immigrant consultancy services in both residential and commercial sectors in Hong Kong, as well as in Mainland China.
At a Glance
web applications
without authentication
What brings them to MXC
Due to company expansion, many new online services were provided from time to time. Several sub-systems for those services were developed and integrated into the main application. Those sub-systems were developed by different vendors. The internal team could not ensure a consistent security standard.
Challenges
- Those applications had not been penetrated after development. The internal IT team had no domain knowledge in cyberattacks. The loss could not be managed if the attacks came.
Results
Maximus or MXC Cyber Security Services Team was appointed to conduct a thorough web penetration test for a brand new application of the company that was going to launch. One of the critical issues identified would lead to potential leakage of personally identifiable information via a new known vulnerability.
The company noticed the urgency of the vulnerability and applied an emergency fix before the system launched. At the same time, the company was aware of the importance of cybersecurity and accepted Maximus’s advice of including the penetration testing process and the concept of a secure software development life cycle into their application development process as a long-term solution.