Get in touch
Software · IT services

Pentest for a best-in-class software developer

Network and application security testing for one of the largest Microsoft technology development centres in Eastern Europe.

Industry
Software development
Stack
Microsoft Dynamics 365 · Power Platform
Engagement
External · Internal · SE · App
Driver
ISO 27001

Global Mediator empowers companies to accelerate their digital transformation of business processes on the Microsoft technology stack. Global Mediator focuses on Dynamics 365 Business Central, Power Platform, .NET, and technologies that drive business growth. Global Mediator is one of the largest development centres in Eastern Europe.

The engagement aimed to comply with ISO 27001 requirements for IT risk identification through vulnerability testing — simulating hacker attacks to gain unauthorised access, escalate privileges, or disclose confidential information. Network and Application Security Testing with Blackbox and Graybox methodologies was required.

The scope included external infrastructure reconnaissance using only the company name; Blackbox testing from an untrusted source; and Graybox testing simulating an insider to evaluate security controls, roles, and configurations. Network perimeter testing, social engineering techniques, and comprehensive application testing were conducted.

BlackboxGrayboxExternalInternalSocial engineeringApp testing

Our pentesting methodology is based on leading standards — PTES, NIST SP 800-115, OSSTMM, OWASP — and improved by our own 15 years of experience.

PTESNIST SP 800-115OSSTMMOWASP

During pentesting, a full set of common pentester tools was used — but the main key to success was manual analysis: interconnecting individual vulnerability exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise.

The client gained a clear understanding of their cybersecurity posture, vulnerabilities, and areas requiring improvement. The testing provided insights into potential exploits, enabling risk mitigation and defence strengthening.

The pentest helped fulfil ISO 27001 requirements, achieving certification and demonstrating commitment to information security best practices. The project delivered actionable intelligence and a roadmap to address security gaps, harden IT infrastructure and applications against cyber threats, and ensure compliance.

More case studies

View all
Manufacturing · Industrial

Distar

Infrastructure pentesting and social engineering for the largest diamond tools manufacturer in Eastern Europe.

Read case study
Critical infrastructure · Energy

UkrTransGaz

Targeted SAP ERP and IT-infrastructure assessment for the operator of Ukraine's underground gas storage facilities.

Read case study
Telecom

VEON

Full-stack assessment of a newly built corporate IT environment for a mobile operator serving ~160 million customers.

Read case study
Move forward with confidence

Have a similar
challenge in mind?

We'll scope a senior-led penetration test against your specific environment — and deliver Technical, Executive and Action-plan reports that translate findings into business decisions.

  • Reply within one business day
  • NDA on request — no obligation
  • Speak directly with our Head of OffSec
  • Tailored scope & clear pricing

Tell us about your project

We'll get back within one business day.