
Unumed

Penetration test of cloud-native hospital management system before annual ISO 27001 audit
Location: Copenhagen, Denmark

Industry

About the Project

Unumed's Hospital Management System offers EHR, full financial management, telemedicine, specialist information systems, AI, real-time analytics and much more, all in one complete system. Unumed HMS is the world's only true cloud-native HMS, bringing the unprecedented performance that you have been waiting for.


Unumed Business Goal

Unumed needed to ensure its cloud-native hospital management system remained secure and fully compliant with ISO 27001 requirements. Their business goal was to protect patient data and guarantee uninterrupted operations across multiple regions, including Africa, South-East Asia, and Central America, while maintaining trust among healthcare providers and patients. By testing their security posture, they aimed to uphold credibility in a competitive global market and prepare for the annual ISO 27001 audit.

1. Ensure data security and compliance with ISO 27001

2. Maintain uninterrupted operations across multiple regions

3. Uphold credibility and trust in a competitive market

Core Security Challenges in Healthcare

Unprotected Patient Data

Improper data handling during storage, transmission, or processing increases the risk of exposure and misuse. It may also risk non-compliance with ISO 27001, HIPAA-equivalent standards, and local regulations.

Weak Authentication Mechanisms

Role-based access controls for various users (doctors, nurses, administrators) might be insufficient, allowing unauthorized access to sensitive information.

Vulnerable API Integrations

APIs and third-party integration points, including laboratory systems and IoT devices, might contain security flaws that compromise data exchange.

Misconfigured Cloud Settings

Insecure configurations such as overly permissive IAM roles or exposed storage buckets may leave critical cloud resources at risk.

Low Resilience Against DoS Attacks

The system might be vulnerable to denial-of-service attacks, which could disrupt critical hospital operations.

Objectives Set for This Project

1. Assess the risk of attacks on the application: identify whether a remote attacker could penetrate the application's defenses.

2. Determine the impact of a security breach: examine whether a breach could compromise the confidentiality of the company's private data, the availability and integrity of its application infrastructure, and the confidentiality of user information.

3. Find web application vulnerabilities: identify vulnerabilities that could lead to unauthorized access to sensitive data, application crashes, exploitation of vulnerable third-party components, or malware campaigns targeting users, which could in turn enable spear-phishing or social engineering attacks.

4. Find privilege escalation vulnerabilities: identify and exploit security weaknesses that would allow a user with limited privileges to access sensitive data, confidential organizational information, backup files, etc.

Services Delivered

We conducted a targeted black-box test of the primary web application, focusing on the OWASP Top 10 vulnerability classes, such as SQL injection and cross-site scripting, while confirming the reliability of the authentication and authorization mechanisms.

We evaluated the security of associated APIs and web services, looking for misconfigurations or exposure points that could jeopardize patient data or system operations.

Findings were compiled into a comprehensive report. This included a detailed risk analysis that prioritized vulnerabilities by exploitability and by the likelihood of affecting patient data and operational uptime. We also analyzed business impact, highlighting how these issues could influence compliance and everyday activities, and provided precise remediation recommendations aligned with ISO 27001.

The engagement concluded with a final presentation to review key vulnerabilities and next steps, ensuring that all technical teams and decision-makers clearly understood the results.


Work approach

Our approach was aligned with industry standards, including the Penetration Testing Execution Standard (PTES) and the OWASP Testing Guides. The testing began with a reconnaissance phase where testers collected publicly available information to simulate an attacker gaining initial knowledge about the target.

The actual testing was executed in phases:
  • Automated Scanning. Automated tools were deployed to discover common vulnerabilities.
  • Manual Testing and Exploitation. Manual testing was crucial for deeper insights, particularly in complex authentication mechanisms and custom-built APIs.
  • Simulated Attacks. Real-world attack scenarios were simulated to test the system's resilience against sophisticated attacks.

Each test was conducted in an isolated environment to prevent any actual impact on the client's operations. Our testers operated under strict confidentiality and integrity guidelines, ensuring that all findings were securely reported.


Our Team

Ihor Sasovets

Lead Security Engineer

Ihor is a certified security specialist with experience in penetration testing, security testing automation, cloud and mobile security. OWASP API Security Top 10 (2019) contributor. OWASP member since 2018.

Victoria Shutenko

Security Engineer

Victoria is a certified security specialist with a background in penetration testing, security testing automation, and the AWS cloud. She is eager to enhance software security posture and AWS solutions.

Denys Spys

Associate Security Engineer

Denys is a certified security specialist with web and network penetration testing expertise. He demonstrates adeptness in Open Source Intelligence (OSINT) and executing social engineering campaigns. His wide-ranging skills position him as a well-rounded expert in the cybersecurity industry.

Roman Kolodiy

Director of Cloud & Cybersecurity

Roman is an AWS Expert at TechMagic. He helps teams improve system reliability, optimise testing efforts, speed up release cycles and build confidence in product quality.

Common Tools We Use

Our security testing toolset spans several areas, from AI-assisted analysis to static analysis tools such as Semgrep, enabling us to identify vulnerabilities in third-party dependencies, enforce code standards, and strengthen your defenses.

OWASP ZAP
Burp Suite
Arachni
SonarQube
Semgrep
Snyk.io
Maltego
SpiderFoot
Nmap
Wappalyzer
Kali Linux
Parrot Security

Project Outcomes

Our assessment confirmed the client's strong security posture and revealed no critical or high-severity vulnerabilities. We identified only low- to medium-severity issues related to access controls and data validation. Addressing these concerns required straightforward updates, and we collaborated closely with the client to suggest a series of targeted improvements.

The enhanced security controls minimized the likelihood of unauthorized access and data breaches and ensured compliance with ISO 27001 and security best practices.

Furthermore, our approach emphasized a balance between security and operational efficiency. By focusing on targeted improvements and risk-based prioritization, we helped the client avoid costly system overhauls and disruptions to their everyday operations.

The implemented solutions were designed to be scalable and adaptable to the client's evolving needs, ensuring long-term effectiveness and a sustainable security posture.


Why Choose TechMagic For Penetration Testing

Certified security specialists

With certifications including PenTest+, CEH, eJPT and eWPT, our team possesses the deep expertise and technical skills to identify vulnerabilities and simulate real-world attacks. We provide cloud penetration testing, wireless penetration testing, social engineering testing, mobile and web application penetration testing, API penetration testing, and external and internal network pen testing.

Security and compliance

Proven track record
