
In today's digital landscape, where cyber threats evolve at an alarming pace, robust security measures are no longer optional for business-critical applications. For ERP systems that manage sensitive financial, operational, and customer data, security vulnerabilities can lead to devastating consequences, from data breaches and economic losses to regulatory penalties and irreparable reputational damage.
At Everest Systems, we understand that our customers entrust us with their most valuable business data, which is why we have partnered with Hackrate to ensure the highest standard of security. Our security approach is based on several building blocks, e.g. compliance with industry standards. Penetration testing is one of the cornerstones of our security practice, and we were therefore looking for an approach that could meet our requirements for independent, comprehensive, and efficient penetration testing by proven experts. This allows us to proactively identify vulnerabilities before malicious actors can exploit them. By validating our security controls and ensuring compliance with industry regulations, we maintain the integrity and trustworthiness of our ERP platform.
The Everest-Hackrate Partnership: A New Approach to Security Testing
To meet these demanding criteria, Everest Systems partnered with Hackrate, whose innovative approach bridges the gap between traditional penetration testing methods. Hackrate's methodology uniquely combines the advantages of bug-bounty programs and dedicated penetration engagements, offering the best of both worlds.
Our collaboration began with jointly defining the scope, timeline, and budget for a thorough penetration testing project. We decided to include both authenticated and unauthenticated attacks on the Everest platform to obtain a general assessment of our security maturity. The testing would evaluate protection against common attack patterns like SQL injection and cross-site scripting (XSS), while also examining advanced aspects such as tenant isolation and privilege escalation.
How the Testing Unfolded
Hackrate conducted an intensive penetration testing engagement for Everest Systems over a focused period. Their approach was methodical and comprehensive:
- Team Selection: Hackrate curated a team of 30 ethical hackers from their community, specifically chosen based on their skills and alignment with Everest's technology stack. These ethical hackers hold several prestigious cybersecurity certifications, including CISSP, OSCP, OSCE, CREST CRT, CRTP, among others.
- Preparation Phase: Our teams collaborated to identify the most important vulnerability types and understand the goals of the assessment, resulting in a detailed "Program Rules" document that served as our project plan.
- Testing Infrastructure: The assessment utilized HackGATE, a managed gateway designed for security testing that operates at the application level (Layer 7 of the OSI model), allowing for controlled and logged traffic to generate transparent reports.
- Creative Reconnaissance: Each security researcher employed unique methodologies to uncover what might be missed by conventional tools and techniques.
- Diverse Testing Approaches: The methodology ensured variety in testing, realistically simulated real-world attacks, and emphasized discovering exploitable, high-impact vulnerabilities using modern testing tools.
- Real-time Validation: Hackrate's security analysts validated each vulnerability as it was reported, categorizing findings against industry-standard frameworks.
Results and Benefits: Strengthening Our Security Posture
The results of our partnership with Hackrate provided valuable insights into our security posture. As noted in their assessment:
“Everest's decision to prioritize quality in their cybersecurity efforts highlights their commitment to excellence. I'm grateful to work with customers who go beyond the checklist and truly care about cybersecurity. Our crowdsourced security testing solution helps to identify and address vulnerabilities that traditional testing methods might miss. This proactive approach ensures that Everest's systems remain secure and resilient.”
This independent verification confirmed our security development approach while highlighting areas for improvement. The benefits of this partnership extended beyond just finding vulnerabilities:
- Comprehensive Security Assessment: A diverse team of ethical hackers thoroughly evaluated our platform's security maturity.
- Prioritized Remediation: Clear categorization of vulnerabilities allowed us to address the most critical issues first.
- Knowledge Transfer: Direct interaction with ethical hackers enhanced our team's security awareness and skills.
- Transparent Reporting: The HackGATE platform provided detailed visibility into testing activities and findings.
- Continuous Improvement: The process established a foundation for ongoing security testing and enhancement.
An Ongoing Commitment to Security Excellence
Our partnership with Hackrate represents more than just a one-time security assessment; it reflects our ongoing commitment to maintaining the highest security standards for our customers. As Holger Mack, Security Lead at Everest Systems, notes:
"The engagement was a joint effort in close co-operation between Hackrate and Everest teams. Hackrate provided a valuable independent view on our security efforts. This was helpful to confirm our security approach but also pointed to some valuable findings that helped us to improve the security of our platform - this will help us to give customers more confidence in the Everest ERP platform. The Hackrate approach and platform proved to be an invaluable tool for exchange between ethical hackers and the Everest team, and it gave us great visibility in hacker activities. The approach fits well to the requirements of modern SaaS platforms."
At Everest Systems, we recognize that security is an ongoing journey. While no system can claim to be completely impenetrable, our partnership with Hackrate demonstrates our dedication to continuously testing, learning, and strengthening our defenses. By combining our internal security expertise with Hackrate's innovative approach to penetration testing, we're building a more secure ERP platform that our customers can trust with their most valuable business data.
As cyber threats continue to evolve, so will our security practices. Our collaboration with Hackrate is just one example of how we're staying ahead of potential vulnerabilities to provide our customers with the secure, reliable ERP solution they expect.