Case Study - Pentesting - DevOps - Lanista

MP Sports Coaching & Consulting GmbH developed Lanista, a web-based application created in 2012 that brings current technology trends, with high practical relevance, to the sports and health industry. Its focus is on user-friendliness, flexibility and adaptability alongside existing solutions.

The Lanista app handles sensitive data from its users. That is why the company contacted Gonkar for a security assessment: to understand its exposure to current cyber threats, protect its users' data and meet German and European standards.

Lanista asked Gonkar's team to perform an external penetration test of the web applications, mobile apps and cloud services that make up the Lanista app infrastructure. The assessment was black-box, with unrestricted scope within the Lanista domain. During the assessment we found a way to exfiltrate data using SQL injection (SQLi) and enumeration techniques.

Findings of this kind represent a critical risk to an organization: GDPR fines, reputational damage, customers leaving the platform and a substantial loss of revenue.

As a result of Gonkar's pentesting service, Lanista received a report documenting all findings from the black-box assessment. The report explained each finding in detail, including a proof of concept (PoC), which helped the development team reproduce and fix the vulnerabilities quickly. During the remediation process, supported by Gonkar, Lanista could understand each exposure and apply the appropriate patches.

"Our main responsibility is to keep our customer data secure and adapt fast to the increasingly changing cyber security landscape. Our team was impressed with how clear the report was and the efficient communication between our team and Gonkar's, and it helped us to fix all issues in record time." Rafael Diaz, CTO.

Following this first security assessment, the Lanista team introduced a new policy: the entire infrastructure, as well as new features and apps, is tested once per year or before being deployed to production.

As a next step, Gonkar also created a secure development flow based on DevOps and DevSecOps best practices, so that Lanista's code is analysed and tested before deployment.

Lanista's git repository was enhanced with CI/CD pipelines running the following stages:

  • Linting
  • Code Testing
  • SAST
  • Deployment

These stages verify the quality of the code before it reaches end users: a failing stage stops the pipeline, so code with lint errors, failing tests or SAST findings is not deployed.

With the DevOps solution, Lanista also streamlined deployment to different environments, meaning its services can be deployed into environments such as development, staging or a per-feature environment (feature-x). In addition, the team can test and verify the behaviour of new features before they go into production.
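One way to express the four stages above and the per-environment deployment, as an added example that is not Lanista's or Gonkar's actual pipeline: a GitLab CI configuration. The choice of GitLab CI, a Python code base, the tools ruff, pytest and semgrep, the `deploy.sh` script and the branch naming are all assumptions made for illustration.

```yaml
# Added example, not the Lanista project's own pipeline.
# Assumptions: GitLab CI, a Python service, ruff/pytest/semgrep as the
# lint/test/SAST tools, and a deploy.sh script that takes the target environment.
stages:
  - lint
  - test
  - sast
  - deploy

default:
  image: python:3.12   # assumption: the service is written in Python

lint:
  stage: lint
  script:
    - pip install ruff
    - ruff check .

unit-tests:
  stage: test
  script:
    - pip install -r requirements.txt pytest
    - pytest -q

sast:
  stage: sast
  script:
    - pip install semgrep
    # --error makes semgrep exit non-zero on any finding, so the deploy
    # stage below never runs for code with open SAST results.
    - semgrep scan --config auto --error .

# Shared deploy steps; each concrete deploy job only sets its environment.
.deploy-template: &deploy
  stage: deploy
  script:
    - ./deploy.sh "$CI_ENVIRONMENT_NAME"   # assumption: deploy.sh selects the target by name

deploy-staging:
  <<: *deploy
  environment: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "main"

# A per-feature environment (the "feature-x" case): created on demand from
# feature branches, started manually so reviewers choose when to deploy.
deploy-feature:
  <<: *deploy
  environment: feature-$CI_COMMIT_REF_SLUG
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^feature\//
      when: manual
```

GitLab runs stages in order and only starts a stage when every job in the previous one has succeeded, which is what turns lint, test and SAST into gates in front of deployment. The two deploy jobs share one script via the YAML anchor and differ only in the environment name and the branch rule, so a new environment is a few lines of configuration rather than a new pipeline.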

This helps Lanista deliver a state-of-the-art application that is both feature-rich and secure.