GRSee Consulting


Dynamic Yield & GRSee - Identifying a long-dormant vulnerability

Dynamic Yield, requiring robust security for their platform's Kubernetes and permission layer updates, partnered with GRSee Consulting for in-depth penetration testing. GRSee's thorough onboarding and continuous communication led to the discovery of a long-dormant vulnerability and ensured the platform's secure transition to production. This case study details how GRSee's granular approach provided Dynamic Yield with confidence in their security architecture.

By GRSee Team
Edited by Tom Rozen

Published March 30, 2025.


Problem 

Contractual obligations with clients and internal secure development practices require that Dynamic Yield maintain the highest possible level of security. Their security practices include ISO 27001 compliance and regular penetration testing using rotating vendors. They were preparing to make changes to move to Kubernetes and add a new permission layer, so they needed to perform penetration testing to ensure the highest level of platform security going into production. 

Solution 

Dynamic Yield engaged GRSee Consulting to perform penetration testing. By conducting an extremely thorough onboarding process before testing, we were able to gain a deep understanding of the platform’s processes and business logic and adjust our frameworks accordingly. 

Once we identified the attack surfaces, we performed an additional session with the client and tester to deepen our understanding of the tech, unique processes, and back-end processing. During this session, we identified vulnerabilities at the design level. We further adjusted the test’s attack vectors and focused our efforts on the client’s prioritized points. Our deep understanding of the granular permission mechanism enabled us to provide the most relevant access control test scenarios. The tester communicated directly with Dynamic Yield’s development team to gain a better understanding of the platform’s responses to various attack vectors. The depth of GRSee Consulting’s onboarding process and continuous communication practices improves results compared to other PT providers, uncovering weaknesses that would otherwise be overlooked.

We were impressed by how deeply and thoroughly the GRSee Consulting team got familiar with our platform during the onboarding sessions. This definitely reflects in the final report. - Omri Mendellevich, CTO & Co-Founder

Results 

GRSee’s penetration testing service identified a long-dormant vulnerability that had been missed by previous testing. The vulnerability could then be mitigated. Due to the depth of the testing, Dynamic Yield felt confident in the security of their design and architecture and was able to move forward with production. The test was detailed in a final report that will be used by sales and marketing teams, customer security due diligence, and ISO 27001 compliance.

Who We Are

GRSee Consulting is your trusted partner when it comes to cybersecurity. With the GRSee Consulting penetration testing service, our proficient team of IDF veterans, hackers, and security experts provides penetration testing for everything from your apps to the cloud, identifying product and environment vulnerabilities so they can be mitigated before a real attack occurs. 

ISO 27001 Auditing & Penetration Testing

Achieve compliance quickly with GRSee’s auditing and penetration testing service.

Ensure documentation is up to date before your audit

Identify and address security vulnerabilities through penetration testing

Automated gap analysis to pinpoint weaknesses

