ITGLOBAL.COM Performed Penetration Test for FINOM’s Web Application

The pentest showed that FINOM’s web application is well-secured. ITGLOBAL.COM’s pentest report was accepted and approved by FINOM’s European partner bank.

CLAYMONT, Del., Dec. 25, 2020 /PRNewswire/ — FINOM is an international financial company with headquarters in Amsterdam, the Netherlands. They provide digital financial services to small and medium businesses, such as invoicing, multi-banking, virtual cards, and so on.

Right now the company works with clients from Italy, France, and Germany; more countries are to come soon.

The Task

FINOM’s web portal is a single-page application with personal accounts for different users, including corporate customers. The personal account stores data of varying importance, such as banking accounts, information about their balance, payment and credit cards, payment history, etc. Using the personal account, a manager can manage all financial processes of their company. This is why the security of this particular web service component is critical.

Andrey Varikov, FINOM CIO:

“Europe has very demanding requirements for personal data security under the GDPR (General Data Protection Regulation — editor’s note). We take these requirements seriously and pay close attention to make sure personal data get processed in a secure fashion. Although FINOM is a startup, we are building our infrastructure in such a way that we can ensure a high level of IT security.”

FINOM contacted ITGLOBAL.COM to assess the security of their personal accounts with a pentest. ITGLOBAL.COM decided to conduct a Black Box pentest, where the auditors only have access to information from open sources. This type of pentest is based on as close to a perfect imitation of a series of cyberattacks as one can get. This helps ITGLOBAL.COM accurately assess how resistant the web resource is to getting hacked from the outside.

Choosing a pentester

According to Andrey Varikov, when searching for an auditor, they were looking at pentesters’ ratings in specialized foreign catalogs, the deadlines, and the service cost.

The selection process was very thorough. FINOM’s IT specialists have extensive knowledge of the banking sector, they know how banking services are secured, how pentests are conducted, and what a pentester must know and be able to do.

“We chose ITGLOBAL.COM for several reasons,” Andrey noted. “The main one is that their company has a good rating; on top of that, the quality-price ratio was also important for us.”


The pentest showed several non-critical vulnerabilities, which the customer immediately addressed.

As Andrey Varikov noted, FINOM’s IT specialists were flattered to know that their web service was really well-secured.

“In general, we liked how the work went,” said Andrey. “The specialists didn’t take up much of our time and did everything on their own. They knew what we wanted right away.”

ITGLOBAL.COM auditors prepared a detailed pentest report. This document was accepted and approved by FINOM’s European partner bank.