Intelligence
Utility Cloud BG

Case Study: Utility Cloud Partners with Echelon to Boost Security of their Web Application

By Jake Murphy
Posted on Oct 21 / 2022
Utility Cloud Logo

Utility Cloud is an operations management software designed to help utilities such as water, waste water, and natural gas digitally manage their assets and work orders. Their customizable, easy-to-use platform enables organizations to distribute work, report on maintenance, and streamline compliance reports. They are headquartered in Salem, New Hampshire.

The Testing Process

Utility Cloud's web application provides complete visibility into data captured in the field, enabling supervisors to plan and prioritize work more efficiently. It lets technicians detect anomalies in non-revenue water through meter and tank data and prevent leakage by dispatching corrective and preventative maintenance work orders. Security is critical for an application of this nature due to the storage of sensitive infrastructure data.

Utility Cloud partnered with Echelon Risk + Cyber to assess their web application for vulnerabilities. The Echelon team tested the Utility Cloud platform for vulnerabilities using a blend of automated and manual techniques, combining an industry-leading automated scanner with hands-on request interception and modification.

The team spent several days manually attacking the application, attempting different injections, and manipulating the platform’s business logic. We worked with the Utility Cloud team to resolve several findings and further lock it down from potential threat actors.

The Outcome

The web application penetration test resulted in improvements in the following areas:

Access Control

Database Interaction

Authentication & Authorization

Input Sanitization

Overall, Echelon’s web application test of the Utility Cloud platform resulted in increased security measures and a stronger, more resilient management system. This allows Utility Cloud’s customers to have peace of mind that their information is stored both safely and securely.

“It was a pleasure working with the Echelon team, from initial contract signing to final test wrap-up. Our entire engagement went smoothly and was well-planned. Echelon was always available to us and quick to respond to any of our inquiries. The testing process was thorough and at times very enlightening. Their team of security experts worked closely with our engineers to quickly resolve found vulnerabilities. Echelon will continue to be our testing partner for future security work.”
- Al Sesta, VP of Engineering

Sign up to get Cyber Intelligence Weekly in your inbox.
Latest Intelligence
Cyber Intelligence Weekly (April 21, 2024): Our Take on Three Things You Need to Know
Posted on Apr 21 / 2024
The Latest in FedRAMP Compliance: Breaking Down Red Teaming for Enhanced Security
Posted on Apr 18 / 2024
Cyber Intelligence Weekly (April 14, 2024): Our Take on Three Things You Need to Know
Posted on Apr 14 / 2024