From exposed credentials to organisation-wide protection

Manufacturing & Fabrication
A national manufacturer with operations across four states relied on real-time logistics and ERP data to keep its production lines moving. A web application penetration test revealed critical vulnerabilities in both public-facing and internal systems that, if exploited, could have halted operations and exposed sensitive business data.
Problem

Critical vulnerabilities hidden in plain sight

The manufacturer’s custom logistics platform and ERP environment were central to day-to-day operations, with around 300 users relying on accurate, timely access to information. However, their public website was running an outdated version of WordPress, along with vulnerable third-party plugins that exposed the site to remote code execution. The bespoke logistics portal presented even greater risks. Testing uncovered an SQL injection vulnerability in the login interface, which could allow attackers to extract credentials and access sensitive records. Another issue, known as Insecure Direct Object Reference (IDOR), meant unauthenticated users could potentially view consignment and supplier data simply by changing a URL. Behind the scenes, the business lacked centralised logging and detection tools, limiting their ability to spot suspicious behaviour or respond effectively.

Solution

A layered, proactive defence strategy

The manufacturer took immediate steps to secure their platforms. They addressed the critical application-layer risks by removing vulnerable plugins, patching systems, and implementing stronger input validation across their logistics platform. A web application firewall was added to bolster external defences. Internally, they overhauled network architecture to separate production environments from business systems, using VLANs and firewalls to limit access. Security practices were tightened, including unique admin accounts, password vaulting, and enforced policies. To support ongoing resilience, the business implemented a lightweight SIEM for event correlation, deployed EDR to all endpoints, and began encrypting sensitive data at rest.

Results

Resilient operations and a proactive security posture

The business now operates with increased confidence in its digital infrastructure. By resolving both application-level and architectural weaknesses, they shifted from reactive fixes to a proactive cyber strategy embedded into daily operations. Security monitoring and access control are now aligned to industry standards such as ISO 27001 and the ACSC Essential Eight, without compromising production uptime.
