INTRINIUM CASE STUDY:
The Washington State Department of Licensing in Olympia, Washington is a state-level government agency that administers vehicle registration and driver licensing. Every day the Department of Licensing issues over 1,100 original driver licenses and nearly 3,400 driver license renewals, renews the registration of over 28,000 vehicles, processes over 3,000 original vehicle titles, and issues or replaces nearly 6,600 license plates.
In order to modernize and replace the Department’s processes and information systems that were obsolete, the development of replacement solutions was underway. Given the sensitive nature of these solutions, the security and integrity was of upmost importance.
The Department of Licensing understood that the new solutions would need to be analyzed and tested and therefore, began seeking a vendor to provide penetration & vulnerability testing services for these complex and highly visible solutions that were under development.
Intrinium was selected to evaluate the security of several web applications, attempt to gain unauthorized access to systems and data, and provide detailed reports containing the vulnerabilities discovered and exploited. remediated. Intrinium would then validate the remediation of the exploited vulnerabilities for confirmation that the vulnerability had been remediated.
The Result was to ensure that all data stored within the application is properly protected as well as the access methods to add, delete, or modify that data.
Weaknesses were identified and verified to ensure false positives were eliminated. Upon completion, a detailed report which describes all testing and results was provided outlining recommendations for remediation of discovered vulnerabilities. A detailed testing matrix with analysis of raw data and specific recommended actions was also contained in the report.
Due to the vulnerabilities discovered and the fixes recommended, the Department of Licensing, its staff, and their customers can be confident in the security and integrity of the services being offered. The new solutions can be implemented with assurance that any sensitive information will be protected, and will perform as was intended.