When leading international education provider Kumon needed a leading partner to provide independent assurance of potential security vulnerabilities within their web application system, they turned to Gridware. We performed comprehensive web application assurance, as well as providing leading solutions to the organisation that are now being implemented
Background
Kumon is a leading international education and tutoring platform that provides supplementary, after-school learning programmes for students of all ages. Founded by Toru Kumon in 1955, Kumon has rapidly become a notable tutoring service, with over four million students and operating in over 50 countries worldwide. To ensure that Kumon could continue to operate at their best abilities, they engaged with Gridware for a web application penetration test.
Challenge
For Kumon to operate technologies on such a large international level, significant challenges can arise, as malicious threat actors are provided with multiples points of entry.
While Kumon’s team had the ability to independently assess their own web application security, the business needed a leading partner to provide independent assurance of potential security vulnerabilities within their web application system as well as their respective solutions.
The Solution
A preliminary review was undertaken before the assigned date of testing to establish which areas of Kumon’s web application were being tested.
A scope and timeline were generated during our rules of engagement meeting by the Gridware penetration testing team to ensure that Kumon’s web application would not be disrupted.
Gridware’s penetration testers undertook a complete investigation of Kumon’s web application services, utilising the latest tools that operate effectively with the application.
The testing team ensured they conducted a combination of vulnerability scanning and manual penetration testing to identify any security gaps or attack vectors which may have placed the application at risk of a cyber-attack. In doing so, Gridware identified several opportunities for improvement in their cybersecurity architecture that benefited from our recommendations.
Once the testing was complete, a detailed report was prepared for Kumon’s development team which highlighted any specific vulnerabilities in Kumon’s web application services, alongside their corresponding remediation activities. By following a risk-based vulnerability identification approach, Kumon had the ability to systematically address the issues found and attend to the most significant vulnerabilities first.
Following confirmation by Kumon’s development team that any potential vulnerabilities were addressed, Gridware conducted re-verification testing to confirm that all changes had been made correctly and that no subsequent issues arose.
The Outcome
Gridware’s collaboration with Kumon added significant value to the business’ competitiveness within the education market, as their web application was assessed against the best practice standards and protocols for security.
Furthermore, as Gridware’s testing was conducted in a staged development environment, Kumon experienced no disruption to their platform.
Gridware’s Penetration Testing Services ensured that Kumon maintained their contractual and regulatory compliance requirements while adding confidence to Kumon’s clients and Board.
