Government
Madison Gurkha performs high-profile projects for large organizations (listed on the stock exchange). On this page you will find some examples of projects for governments. References can be provided in the final stages of the decision-making process of hiring Madison Gurkha.
National governmental organization
Project: Crystal Box application audit with code inspection.
Technology: Web application with Java (server side)
This governmental organization contracted a company to create a web application for them, which can be used to access and add data to a national register. Because this register contains classified information, IT security should play a big part in the creation of this web application. When it came to IT security, the company that was assigned to create the application did not put enough effort into it.
Essential security measures that should have been taken were not present in many areas of the application. Input and output validation was not implemented. This gave us the possibility to perform SQL injection in several ways, which enabled us to gain unauthorized and unauthenticated access to the data, including changing, adding or deleting data.
Because the source code was available, we could clearly determine that this application was not written with a security mindset. Luckily, this audit took place before the application was put to use.
Waterworks
Project: Black Box Security Audit Laptops
Technology: Laptop
This organization used laptops for the operator service desk to log on to systems from which so-called SCADA systems can be operated and monitored. The company wanted to know what risks would occur if one of the laptops got stolen or lost. To find the answer to that question, Madison Gurkha was given a standard laptop used at the operator service desk. This laptop seemed well secured, but after taking out the hard drive, a fundamental weakness was exposed. The hard disk was not encrypted, which allowed us to break in and crack user and administrator passwords to log on to the network. The network then gave access to many more systems than necessary. This experience shows how important it is to use encryption (especially on mobile devices).
Communal service
Project: Black Box Audit Internal network
Technology: Windows, Linux, Unix, Routers, Firewalls
This service of a large city wanted us to test the vulnerabilities of their internal network. Networks like this are usually highly vulnerable and this network was no exception. The network was suffering from easy-to-crack passwords, unpatched systems, and absent authentication measures and intrusion detection systems. Combine these findings with the fact that this is an open type of organization where everyone can walk in and out and can gain access to the network without much effort, and you are exposed to exceptionally high risks.
Ministry
Project: Forensic research Website hacking
Technology: web application
This ministry uses an ASP web application. This web application appeared to have been hacked, with all the consequences that come with it. The ministry immediately contacted Madison Gurkha. Later that day we did our first research on how and from where the attack was performed. Based on our findings, further (legal) actions were taken, and the problems we discovered were solved. This case clearly shows that outsourcing a web application through an ASP model will not solve your IT security risks.

