Case Study: Securing a Web Platform for Sensitive Data Collection

Overview
A large card manufacturing and personalization bureau in the Philippines engaged VEKTOR to assess and secure a web platform used for collecting and encoding sensitive personal data onto smart cards. With over 100 million users across sectors, the platform required rock-solid security before going live.

​

Objective
To identify and remediate vulnerabilities in the customer-facing interface that could expose personal data or compromise operations.

​

Approach
VEKTOR conducted a full Black Box Penetration Test following the OWASP Testing Guide, including:

​

• OSINT-driven reconnaissance of the platform

• Passive and active vulnerability scans

• Controlled simulated attacks on the live environment to assess exploitability

​

Outcome
A detailed penetration test report outlined:

​

• Security gaps in configuration and coding

• Clear remediation guidance

• Proof-of-concept evidence where applicable

​

All recommendations were implemented prior to platform launch, giving PSSIC the assurance of a hardened and compliant system.

​

"VEKTOR’s testing gave us confidence that our platform could withstand real-world threats before we went live.”

-Lead Project Manager