wefox-case-study
  • Insurance
  • Case Study

Wefox

Description
wefox-logo

The insurance company wefox, due to its heavy reliance on its digital exposure and its commitment to continuous improvement, wants to submit its core systems to an Ethical Hacking and Vulnerability Assessments audit. For this purpose, they rely on Wise Security. The company's objectives can be summarized as follows: 

  • Protect web platforms from cybersecurity threats that can cause downtime or business degradation. 
  • Ensure the highest security standards for infrastructure migration to AWS. 
  • Prevent customer data leakage. 
  • Review and optimize current operations. 
  • Build digital trust among customers. Raise awareness and empower the organization. 

The company becomes aware of its real vulnerabilities, can anticipate to prevent an attack and reaffirms its commitment to cybersecurity and as a consequence improves its reputation and increases the trust of its customers. 

The history

Wefox is Europe's No. 1 digital insurer. wefox was founded with a grand vision in mind: to improve and offer people real security.

The challenge

The insurer, which is trusted by customers in five countries (8 offices in Europe, over 600 employees and more than 1000 advisors) is taking on the challenge because of its heavy reliance on its digital exposure and its commitment to continuous improvement. That's why they want to submit their core systems to an Ethical Hacking and Vulnerability Assessments audit for which they rely on Wise Security.

"It is very clarifying to expose ourselves to a controlled attack from a third party to do self-criticism and see where we are defenseless. Cyber-attacks evolve and our systems must be under continuous review to keep them bulletproof."  Oriol Solà. CISO of wefox

The solution

The EHVA Wise Security team gets to work.

PENTESTING

The actions to be carried out by the EHVA team are the following:

A. Web Application Security Review - DrydWeb

B. Mobile App Security Review – DrydAPP

C. Wi-Fi Infrastructure Security Review

D. Cloud Environment Security Review: Amazon Web Services and Salesforce

A. Application Security Review

Drydweb is a proven methodology, which combines the most advanced tools on the market, with those we have developed internally. Through an automatic and manual review process, we can perform a complete analysis of the web application. Additionally, we review all points that OWASP considers critical.

B.Mobile App Security Review – DrydAPP

Our proven methodology allows you to verify and improve the security of mobile applications.

C.Wi-Fi Infrastructure Security Review.

The review of the Wi-Fi infrastructure includes a series of actions to verify the confidentiality, availability and integrity of communications.

  • Checking the signal range
  • Measure the strength of encryption protocols and handshakes.
  • Verification of authentication and authorization mechanisms
  • Verification of the existence of overlaps and the possibility of spoofing for the different SSIDs
  • Discovery of the infrastructure accessible from the Wi-Fi network

D. Cloud Environment Security Review: Amazon Web Services and Salesforce

D.1. SALESFORCE: To secure and protect information and applications developed and deployed on Salesforce, Wise Security conducts an in-depth review of: Salesforce Applications and Salesforce Connections.

D.2. AWS (AMAZON WEB SERVICES): Wise Security uses proprietary and third-party tools to perform security checks and security assessments in cloud environments to ensure the reliability and accuracy of the results.