Energetyka
|CS.109
CSIRE System API Security Testing
Comprehensive security testing of the Central Energy Market Information System - penetration, configuration, and production verification.
Client
Leading entity in the Polish energy sector
Challenge
CSIRE (Central Energy Market Information System) is an extensive platform comprising user portals, dedicated applications (My IRE, Certification System), and B2B API interfaces. Each component represents a potential attack vector requiring dedicated security analysis.
Approach
Penetration testing per OWASP ASVS
Web, API, and WAF testing across 7 areas: authentication, sessions, access control, data validation, cryptography, error handling, and business logic.
Configuration review
On-premises and Azure infrastructure audit (up to 200 instances) using Nessus and OpenSCAP. Verification of Firewall, WAF, NSG, IAM, and RBAC.
Production verification
Comparison of test and production environment configurations to identify discrepancies.
Retesting
Re-verification after implementation of remediation recommendations.
Results
Security map per OWASP ASVS Level 2 across 7 areas
Configuration review of up to 200 instances (on-premises + Azure)
Executive summary, vulnerability descriptions with CVSS scores, and remediation plan
Verification of test and production environment consistency
Related case studies
CS.114
Physical Security Audit of a Transmission Operator's OT
Physical security assessment of transmission facilities in the context of hybrid threats - at the intersection of physical security and ICS/SCADA systems.
CS.113
Comprehensive OT Technology Network Security Audit
Multi-phase TAN audit of an energy operator - from IT/OT segmentation testing to physical access attempts and retesting within 90 days.
CS.117
OT Security of Renewable Energy Farms
OT security assessment of distributed wind and photovoltaic farm infrastructure.
We'll discuss scope, methodology, and timeline.
Free consultation, no strings attached.