Learn how wefox builds a cybersecurity infrastructure with Wise Security Global EHVA solutions
Know more about our EHVA solutions
“The first step in giving confidence to our customers is to know what our attack weaknesses are and eliminate them. Therefore, Wise has put our portal, wefox’s business-critical tool, to the test“.
Oriol Solà. CISO at wefox
The challenge
The insurance company, due to its heavy reliance on its digital exposure and its commitment to continuous improvement, wants to submit its core systems to an Ethical Hacking and Vulnerability Assessments audit. For this purpose, they rely on Wise Security Global.
The objectives
- Protect the web platforms from cybersecurity threats that can lead to business downtime or degradation.
- Guarantee maximum security standards over infrastructure AWS migration.
- Avoid Customer Data Leakages (Personal Data & Credit Card Info) Review and optimize current operations.
- Generate Digital Trust among clients.
- Raise awareness and empower the Organization.
The benefits
With it wefox: Becomes aware of its true vulnerabilities, it can anticipate to prevent an attack, reaffirms its commitment to cybersecurity and as a consequence improves its reputation and increases the trust of its customers.
The situation
wefox is Europe’s #1 digital insurer. wefox was founded with a great vision in mind – to make insurance simple and make people be safe. wefox uses technology to make insurance simple. ‘Better technology means we’re more efficient – so we save a lot of cash, which we pass on to you. We ask less questions and make insurance easy. So you can spend time thinking about other things’.
The challenge
The insurance company are trusted by customers in five countries. (8 offices in Europe 600+ employees, 1000+ advisors), and due to its heavy reliance on its digital exposure and its commitment to continuous improvement, wants to submit its core systems to an Ethical Hacking and Vulnerability Assessments audit. For this purpose, they rely on Wise Security Global.
“It is very clarifying to expose ourselves to the controlled attack of a third party to make self-criticism and see where we are weaker. Cyber-attacks evolve and our systems must be continuously reviewed to make them bulletproof”.
Oriol Solà. CISO at wefox
The solution
PENTESTING
The actions to be carried out by the EHVA team are the following:
- Web application security review – DrydWeb
- Mobile Application Safety Review – DrydAPP
- Wi-Fi infrastructure security review
- Cloud Environment Security Review – Amazon web services and Salesforce
1.Web application security review DRYDWEB.
Drydweb is a proven methodology, which combines the most advanced tools on the market, with those that we have developed internally. Through an automatic and manual review process, we are able to perform a complete analysis of the web application. In addition, we review all the points that OWASP considers critical.
2. Mobile Application Safety Review – DrydAPP.
Our proven methodology allows to check and improve the security of mobile applications, following our procedure listed below.
3.Wi-Fi infrastructure security review.
The Wi-Fi infrastructure review includes a series of actions to check the confidentiality, availability and integrity of communications.
- Checking the signal range
- Measuring the robustness of handshakes and encryption protocols
- Checking authentication and authorization mechanisms
- Verification of the existence of overlapping and possibility of spoofing for the different SSID
- Discovery of the infrastructure accessible from the Wi-Fi network
4.Cloud Environment Security Review – AWS and Salesforce.
4.1. SALESFORCE: In order to guarantee and secure the information and applications developed and deployed in Salesforce, Wise Security Global conducts an in-depth review of: Salesforce applications and Salesforce Connections .
4.2. AWS (AMAZON WEB SERVICES): Wise Security Global uses proprietary and third-party tools to perform security checks and security assessments on cloud environments to ensure the reliability and accuracy of results.