Coach Solutions

Web application penetration test
Location

Denmark

Industry

Software development (Shipping)

About project

Coach Solutions develops software tools that optimize vessel performance and voyage planning for the shipping industry, maximizing profit and minimizing CO2 emissions. Their solutions help the shipping industry to navigate and operate vessels and fleets more profitably and sustainably. The company aims to revolutionize the shipping industry by eliminating friction and guesswork in voyage planning, optimization, and vessel performance.

Core team

Coach Solutions was created by Danish naval architects and commercial shipping experts, who work together with highly skilled software engineers on making shipping smarter.

Theis Kvist Kristensen
CTO Coach Solutions

Thomas Hechmann
CCO Coach Solutions

Christian Råe Holm
CEO Coach Solutions

Project challenge

The shipping industry relies heavily on securely exchanging sensitive data – everything from voyage plans and cargo details to customer information. Prioritizing data protection, Coach Solutions contacted us to perform a comprehensive penetration test to expose any potential weaknesses in their software systems proactively. This proactive approach demonstrates their understanding that security threats evolve, and continuous vigilance is key to safeguarding data assets.

Solution delivered

We agreed on a black-box penetration test to best mirror the actions of a determined attacker. This approach allowed us to thoroughly examine the Coach Solutions web application from an outsider's perspective, leaving no potential entry point unexplored. Our goal was to identify not just theoretical flaws but also connect several identified weaknesses into severe exploits. This focus on real-world impact guided our testing strategy and ensured that our findings would translate into meaningful security improvements.

Provided services for Coach Solutions
Black box penetration test

We conducted a black-box penetration test of the web application, resulting in a prioritized list of security gaps to address. We safely simulated real-world attacks against discovered vulnerabilities where possible, clearly showing their potential impact. This practical demonstration helped the company understand the severity of each flaw and make informed decisions about remediation.

Mitigation plan for the detected vulnerabilities

Our detailed report categorized each finding, assigned severity levels, and provided specific, actionable steps for the team to fix the issues. This clear and actionable report served as a blueprint for their security improvement efforts.

Strategic roadmap

We went beyond the immediate report, developing a strategic roadmap that combined quick fixes with longer-term architectural improvements. This plan provided a sustainable path toward more robust security.

Letter of attestation

We prepared a letter of attestation based on the results of the penetration test, serving as proof of the test and as a powerful signal of Coach Solutions' commitment to security. This attestation can bolster trust with clients and partners in a security-conscious market.

Common tools we use

Our security testing arsenal includes cutting-edge tools applied in different areas, such as AI in cybersecurity, that enable us to identify vulnerabilities in third-party dependencies with static analysis tools such as Semgrep, enforce code standards, and fortify your defenses.

OWASP ZAP
Burp Suite
Arachni
SonarQube
Semgrep
Snyk.io
Maltego
SpiderFoot
Nmap
Wappalyzer
Kali Linux
Parrot Security

Work approach

Our process balanced technical rigor with a client-focused approach.

1. Detailed analysis

We invested time upfront to understand the tech stack and business objectives deeply. This knowledge informed our testing methodology, ensuring our findings were relevant and actionable.

2. Using best practices

Our general penetration testing approach aligns with recognised best practices and frameworks, including PTES (Penetration Testing Execution Standard) and OWASP Web Application Security Testing Guide. This approach ensures that our findings are technically accurate and actionable within your risk management framework.

3. Combined techniques

We combine automated tools with expert manual techniques for deep analysis and exploitation of complex vulnerabilities, understanding application logic and uncovering subtle flaws.

4. Focus on the solution

Throughout the project, we communicated clearly, answered questions promptly, and focused on solutions rather than merely pointing out problems. Our collaborative approach fosters trust and ensures that our expertise translates into tangible security enhancements for our clients.

Our team
Ihor Sasovets

Lead Security Engineer

Ihor is a certified security specialist with experience in penetration testing, security testing automation, cloud and mobile security. OWASP API Security Top 10 (2019) contributor. OWASP member since 2018.

Victoria Shutenko

Security Engineer

Victoria is a certified security specialist with a background in penetration testing, security testing automation, and AWS cloud. Eager to enhance software security posture and AWS solutions.

Roman Kolodiy

Director of Cloud & Cybersecurity

Roman is an AWS Expert at TechMagic. Helps teams to improve system reliability, optimise testing efforts, speed up release cycles & build confidence in product quality.

Project outcomes

The penetration test results equipped Coach Solutions with the knowledge and tools necessary to address security vulnerabilities proactively, significantly reducing the likelihood of successful attacks. This newfound knowledge directly strengthened the protection of the company's sensitive client data, a crucial asset in the shipping industry. The letter of attestation signifies Coach Solutions' commitment to security, serving as a valuable trust signal for both existing and potential clients. The test also catalyzed a security-focused approach within the company's development team. This proactive mindset will contribute to more inherently secure software design, streamlining future security efforts and fostering a culture of continuous improvement.

What the customer says about work with us

Theis Kvist Kristensen
CTO Coach Solutions
Denmark

“TechMagic has great collaboration and teamwork. Also a good proactive approach to the task. Everything went as planned and on time.”

Why choose TechMagic for security testing
Certified security specialists

With certifications PenTest+, CEH, eJPT and eWPT, our team possesses deep expertise and technical skills to identify vulnerabilities and simulate real-world attacks. We provide cloud penetration testing, wireless penetration testing, social engineering testing, mobile and web application penetration testing, API penetration testing, and external and internal network pen testing.

Security and compliance

We help our clients ensure that their systems and applications are secure and compliant with custom security solutions, mitigating the risk of data breaches, security vulnerabilities, financial losses, and legal liabilities.

Proven track record

We have a proven history of 10+ successful projects, helping clients identify security weaknesses and providing actionable remediation guidance to protect their critical assets, from web to mobile application security testing. Our approach to offensive security includes using real-world threat actor tools to create attacks that expose vulnerabilities within the environment.
