From 29 November till 20 December 2010, the Prevenity team performed a security audit of web application and it's supporting IT infrastructure for one of the largest service companies in the IT industry in Poland.

The aim of the audit was to provide an independent assessment of security of the subject of the audit. As a part of the audit the following activities were performed:

• Penetration test of servers located in the demilitarized zone performed from the Internet,
• Penetration test of IT infrastructure supporting web application,
• Penetration test of web application, consisting of detecting vulnerabilities in:
  • Web server ant its configuration,
  • Configuration of PKI elements applied,
  • Authentication and authorization mechanisms used,
• Analysis of servers' and services' configurations