T-Systems MMS carried out a thorough security check on ENSO Energie Sachsen Ost AG in order to identify any potential security vulnerabilities. Under the spotlight were the company's website, its corporate blog, its service and partner portals and its intranet. Along with the findings of the various tests and risk analyses, T-Systems MMS' security experts provided specific recommendations as to how the regional energy provider could systematically and independently improve the security of its applications.
Over a 10-day period and in three phases, the T-Systems MMS specialists carried out a security check. First, working together with ENSO, the test and production environment was defined, potential test risks were discussed, and the scope of the testing was pinned down clearly. A selection of specific test cases was then made, using only test data.
In the second phase, the web applications were automatically scanned for any security vulnerabilities and any attack paths that could be exploited. The configuration of the IT systems was also tested, though the servers and applications themselves were not changed. The T-Systems MMS security experts also manually carried out active hacker attacks on ENSO's Internet and intranet applications.
The third and final phase of the security check involved analysing the test results. A detailed risk evaluation was deployed to determine the security level of the applications that had been tested. To conclude, the T-Systems MMS experts defined certain specific measures which could eliminate the security vulnerabilities.