GCP/Kubernetes/Web pentest for e-publishing SaaS

by Olga Kovalenko 30.04.2025 5 min
Client: Superlocal (Innocode product)
Industry: Digital Media and Publishing
Company Size: 51 to 200 Employees
Services Used: Threat Modeling Workshops, Penetration Testing, Cloud and Container Security Audit

Client

Superlocal is a product of Innocode, a company specializing in developing innovative digital solutions for media and publishing aimed at local communities. Superlocal enables local media companies to build user loyalty and generate new revenue streams by leveraging social media at the hyperlocal level. Recognizing that events, anniversaries, club information, and other local content form the glue of society, Superlocal focuses on providing highly relevant content to individuals in a timely and cost-effective manner. The product is fully customizable, allowing organizations such as local media companies, community groups, and government entities to aggregate, curate, and distribute local content in an easy, user-friendly way.

Background

As Innocode's product gained popularity among local media companies and communities, the company recognized the increasing importance of ensuring the security and reliability of their platforms. Managing sensitive user data and offering a wide array of customizable features necessitated a robust security framework. To safeguard against potential cyber threats and maintain client trust, Innocode sought a comprehensive security review of their entire ecosystem, including web applications, backend systems, mobile apps, and cloud infrastructure.

The Challenge

Superlocal engaged Iterasec to achieve several key objectives:

  • Holistic Security Assessment: Perform a full-cycle penetration test of all components, including customer-facing applications, mobile apps, APIs/backends, and cloud and container environments.

  • Enhance Security Measures: Identify and remediate vulnerabilities to protect Superlocal against potential cyber threats and data breaches.

  • Collaborative Threat Modeling: Conduct joint threat modeling exercises to involve the product team and enhance their understanding of security risks.

  • Compliance with Best Practices: Ensure adherence to industry security standards and best practices, such as OWASP ASVS/MASVS and CIS Benchmarks.

The Solution

To address these challenges, Iterasec assembled a dedicated team of a Senior Security Consultant, two Penetration Testers, and a Delivery Manager. This team's combined expertise ensured a thorough and effective approach to enhancing Superlocal's security posture.

Joint Threat Modeling Exercise

  • Proposed and led a collaborative threat modeling workshop to involve Superlocal’s product team from the outset.

  • Conducted an introductory session explaining threat modeling methodologies and fundamentals.

  • Created a Data Flow Diagram (DFD) to clarify how data moves through the application.

  • Facilitated two in-depth threat modeling sessions, pinpointing potential threats and improving the team’s overall security awareness.

Dedicated Security Team

  • Assembled a specialized group comprising a Senior Security Consultant, two Penetration Testers, and a Delivery Manager.

  • Leveraged their combined expertise to ensure a thorough and effective enhancement of Superlocal’s security posture.

Comprehensive Penetration Testing

  • Performed extensive security tests on Superlocal’s web and mobile applications, along with their API interfaces.

  • Followed OWASP ASVS and MASVS guidelines, focusing not only on common vulnerabilities but also on uncovering more subtle issues.

  • Simulated sophisticated real-world attacks by attempting to chain multiple lower-severity vulnerabilities into critical exploit scenarios.

Cloud and Container Security Audit

  • Recognized the importance of Superlocal’s cloud infrastructure and thoroughly audited the Google Cloud Platform (GCP) and Kubernetes environments.

  • Employed CIS Benchmark tools and manual analysis to identify misconfigurations and vulnerabilities across cloud and container systems.

  • Recommended improvements to strengthen overall infrastructure security and reduce the risk of unauthorized access or data exposure.

Reporting and Remediation Support

  • Compiled all findings into a detailed penetration testing report, prioritizing remediation steps based on severity and potential impact.

  • Collaborated closely with Superlocal’s development and operations teams to ensure security issues were addressed correctly.

  • Provided hands-on guidance through the Senior Security Consultant and Penetration Testers, while the Delivery Manager coordinated tasks and maintained transparent communication.

The Outcome

Enhanced Security Posture: The comprehensive security assessment led to the identification and remediation of critical vulnerabilities across Superlocal's platform. Superlocal significantly strengthened their security framework, reducing the risk of data breaches and cyber attacks.
Increased Security Awareness: The joint threat modeling sessions enhanced the product team's understanding of potential security threats, fostering a security-conscious culture within the company.
Compliance with Best Practices: By adhering to OWASP ASVS/MASVS and CIS Benchmarks, Superlocal aligned its security practices with industry standards, boosting client confidence and credibility.
Efficient Remediation and Ongoing Support: Iterasec's support ensured that security fixes were applied effectively, minimizing potential disruptions and strengthening the partnership between Iterasec and Superlocal.

Conclusion

Iterasec's collaboration with Superlocal shows our commitment to delivering tailored cybersecurity solutions that provide real value. Through a holistic security review encompassing threat modeling, extensive penetration testing, and cloud security audits, our team helped Superlocal enhance the security of their platform, protect sensitive data, and comply with industry best practices. The expertise and collaborative approach of our team allowed Superlocal to focus on delivering innovative solutions to local communities, confident in the robustness of their platform's security posture.