Security for eBanking Application by audit and penetration testing

Bank CIC (Switzerland) Ltd., headquartered in Basel, is a Swiss foreign bank operating as a universal bank. Its core business comprises commercial banking as well as asset management and related financial services. Bank CIC has been active in Switzerland for more than 100 years and employs more than 400 people in about 10 branch offices.

terreActive has already had the pleasure of completing several projects for this flexible bank for companies, entrepreneurs and private individuals with complex financial needs. Here is an overview.

Audit of the bank's new eBanking application (2018/2019)

  • A new eBanking application was launched and successively extended with additional functions, which terreActive audited in advance as part of project support lasting several months.
  • The project included reviews of concepts and IT architectures as well as technical penetration tests and system assessments. Second opinions on specific security issues were also provided.

Targeted penetration testing of the eBanking application (2021)

  • Identification of potential attack surfaces, testing of application integrity and availability.
  • Analysis from the perspective of an unregistered as well as a registered user (external/internal view).
  • Examination of privilege escalation (can one user use the access rights of another?).
  • Detailed, separate examination of the application's self-onboarding process.

Output:

  • Executive summary for general risk assessment (non-technical, for management).
  • Security analysis for the IT team with details on the procedure and findings including recommended measures.

Audit and analysis of the eBanking application (winter 2021)

The focus was on the findings of the summer analysis and on checking the effectiveness of the measures implemented in the meantime.
This was complemented by an additional security analysis of the "contact us" function and a review of the entire range of functions from an external perspective.

terreActive is a reliable partner and always reacts flexibly to our wishes. The cooperation is very pleasant. Thanks to the findings from the tests and analyses, we have always been able to meet our very high safety requirements in the best possible way.
Fabian Wüst
Head of IT Security
Bank CIC