Improving Bank's Security Posture Through Security Testing
ICICI Bank is India's largest private sector bank, with a presence in 17 countries, including Singapore. ICICI Bank offers a wide range of banking products and financial services to corporate and retail customers. ICICI requested Pragma to conduct a vulnerability and penetration testing assessment of the FAST payment servers hosted in Singapore and to provide a report on the vulnerabilities found and associated risks. The purpose of this assessment was to verify the effectiveness of the security controls put in place by ICICI to secure business-critical information. The internal networks, including systems and applications, are important to ICICI as they are utilised to process FAST payments. If accessed inappropriately, they could cause reputational damage and/or financial loss to ICICI and its management.
The testing performed was designed to replicate the threat of an attacker wishing to gain access to ICICI's computer systems or data through an unknown weakness in the systems and security mechanisms in place.
In an effort to test ICICI's ability to defend against direct attack, Pragma executed a comprehensive network vulnerability scan, including exploitation of weakened services, client-side attacks, and server-side attacks, using Rapid7 InsightVM.
The report presented the findings from the assessment and the associated remediation recommendations to help ICICI strengthen its security posture.
Pragma identified various issues, a few of which are to be considered for remediation according to ICICI Bank's risk and patch management processes. A few issues could be remediated if desired, but do not by themselves represent a vulnerability.