Penetration test for an electronics retail chain
Comprehensive testing of the network, applications and employees for a Ukrainian electronics retailer.
ELDORADO is a retail chain of electronics and household appliances in Ukraine. The chain has over 120 modern stores in 57 cities across Ukraine. ELDORADO offers a selection of almost 60,000 models of modern personal equipment from leading manufacturers.
After migrating some IT services to the Cloud, a security assessment was needed for prevention purposes — to verify the effectiveness of cybersecurity protection.
Penetration testing was selected as the assessment method to identify vulnerabilities and exploit them by simulating real attacks to gain access to the corporate network or disclose confidential information.
XRAY CyberSecurity conducted comprehensive testing at the network, application and employee levels:
- External network perimeter: On-premises and Cloud IT infrastructure.
- Network perimeter of retail stores: Several physical store environments tested in-place.
- Eldorado.ua: E-commerce web application, full assessment.
- Social engineering: Targeted scenarios against employees.
Different attack vectors were tested, from the position of both internet users and offline store guests.
Our pentesting methodology is based on leading standards — PTES, NIST SP 800-115, OSSTMM, OWASP — and improved by our own 15 years of experience.
During pentesting, a full set of common pentester tools was used — but the main key to success was manual analysis: interconnecting individual vulnerability exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise.
The penetration testing results demonstrated the strengths and weaknesses of the cyber defence.
XRAY CyberSecurity showed which critical business risks could potentially be exploited by real attackers and developed effective technical and managerial recommendations for handling identified threats.
Additionally, a set of measures and recommendations was developed to improve the cybersecurity awareness programme for employees and increase resistance to social engineering attacks.