Client Background:
Davintoo Ukraina is a modern software development company in Ukraine, specializing in creating IT solutions for staff training, certification, internal communications, data analysis, and eLearning platform integration within a company’s IT environment.
Their flagship product, LMS Collaborator, is a Learning Management System designed for corporate onboarding, personnel development, and assessment with flexible integration capabilities. A product that is already used by dozens or hundreds of companies.
Project Trigger:
The need for penetration testing arose to comply with ISO 27001 certification and to confirm the high level of security and protection of the web-application and client data.
This certification would validate Davintoo Ukraina’s commitment to implementing robust information security management practices and demonstrate their ability to secure sensitive data within the LMS Collaborator platform.
Solution:
To address the security requirements and obtain ISO 27001 certification, Davintoo Ukraina commissioned a comprehensive black-box and gray-box web application penetration testing engagement.
This testing was conducted in accordance with OWASP (Open Web Application Security Project) and other relevant web application security testing methodologies by a dedicated pentest team who are focused specifically on evaluating the security of web applications.
Results:
Upon completing the penetration testing, a detailed technical and executive report was provided to Davintoo Ukraina, outlining the identified vulnerabilities and potential risks.
After the client addressed and remediated the identified vulnerabilities, a re-test was conducted to validate the effectiveness of the remediation efforts.
Subsequently, a final report was issued, confirming the high level of security achieved for the LMS Collaborator web application, allowing Davintoo Ukraina to proceed with the ISO 27001 certification process.
