Client
On behalf of Leicestershire Police and Pervade Software, Prism Infosec conducted a web application and virtual machine review of the National Police Chiefs’ Council CyberAlarm initiative.
Challenge
The client sought to ensure the secure handling of personal data and to identify any vulnerabilities that could compromise end users or system integrity. Critical areas of concern included the authentication mechanisms, secure transmission of data logs, protection against information leakage and Man-in-the-Middle (MitM) attacks, and the strength of key exchange and receiver security. Additionally, the organisation needed to validate that the application adhered to best practices in configuration and installation security.
Solution
Prism Infosec conducted a comprehensive Web Application Security Assessment, beginning with an evaluation of pre-authentication functionality. Testing followed the OWASP Top 10 framework and focused on identifying flaws such as input injection, cross-site scripting, broken authentication, and insecure session handling. Specific business logic assessments were also performed to verify proper access control, data validation on import/export, secure handling of objects, and compliance with data protection regulations. The security of the virtual machine environment was also reviewed to ensure that it did not introduce configuration weaknesses or expose the system to unauthorised access.
Results
The engagement resulted in a detailed security assessment report for the client, including a management summary, scope overview, and a full breakdown of identified issues with severity ratings, technical detail, and remediation guidance. High and critical findings were communicated promptly through daily and end-of-engagement wash-up meetings. The assessment gave the client clear, actionable insight into their security posture and provided a robust foundation for securing both the application and its supporting infrastructure.