PZU Cash S.A. manages the Cash Portal – the first employee benefits portal in Poland offering financial wellness services.
Cash Portal is a service for employers who want to provide their employees with more than just the standard package of non-wage benefits. Financial products, offered by banks and other entities within the PZU Group via the Cash Portal, are an attractive supplement to the benefits and social provisions available in the workplace.
PZU Cash aims to support employees in various matters related to their household budget, which is why the services available on the portal address diverse needs. Through the portal, employees can borrow money, consolidate debts, or take out a mortgage loan.
Facts and figures
Full name: PZU Cash S.A.
Industry: Finance
Products offered by the client
- Benefits and social benefits available in the workplace
What did the client expect?
The task involved conducting security tests on the PZU Benefity platform. Due to continuous updates and the ongoing development of the platform, PZU wanted to ensure that the security measures were functioning correctly and that the system was resistant to external attacks. The proposed solution, flexibility, and availability were the deciding factors that led PZU to choose PBSG for collaboration.
The project was divided into stages, including tests and retests. The tests were conducted remotely.
What did we do?
WE DEFINED THE TEST OBJECTIVE
First, we conducted reconnaissance, reviewing the current security status of the platform and identifying potential attack vectors.
WE CONDUCTED PENETRATION TESTS
We carried out a controlled, simulated attack along the attack vectors most likely to disrupt the platform’s operation.
WE DELIVERED A REPORT
We prepared a practical and clear report. It included a description of the identified vulnerabilities and recommendations on how to address them.
WE CONDUCTED RETESTS
After conducting the tests and addressing the vulnerabilities, we performed retests to assess the level of improvement in the platform’s security.
What were the results?
Thanks to the specialized team of pentesters, the PZU Benefity platform was thoroughly tested and hardened against potential attacks. We focused not only on the tool itself but also on the technology used. This approach ensured that the platform was comprehensively tested for IT security.
The client required flexibility and minimal disruption to the organization’s ongoing operations. Therefore, the tests were carried out remotely and according to the schedule, allowing us to obtain reliable results in a relatively short time. We met these requirements excellently.
Security tests were performed following the best industry practices, including:
- OWASP Web Application Penetration Testing
- Penetration Testing Execution Standard (PTES)
- Open Source Security Testing Methodology Manual (OSSTMM)
- OWASP Top 10
At the end of the project, the client received a practical report detailing the vulnerabilities discovered and how they could be triggered. We also outlined ways to mitigate the identified risks, reducing the likelihood of their occurrence.
What did the client gain?
- Increase in the security level of the PZU Benefity platform.
- Overall assessment of the security level of the benefits platform.
- Recommendations and a list of corrective measures, allowing for the planning of remedial actions and the elimination of threats.
- Increased employee awareness of potential threats and how to counteract them.