Utility Cloud is an operations management software designed to help utilities such as water, waste water, and natural gas digitally manage their assets and work orders. Their customizable, easy-to-use platform enables organizations to distribute work, report on maintenance, and streamline compliance reports. They are headquartered in Salem, New Hampshire.
The Testing Process
Utility Cloud's web application provides complete visibility into data captured in the field, enabling supervisors to plan and prioritize work more efficiently. It lets technicians detect anomalies in non-revenue water through meter and tank data and prevent leakage by dispatching corrective and preventative maintenance work orders. Security is critical for an application of this nature due to the storage of sensitive infrastructure data.
Utility Cloud partnered with Echelon Risk + Cyber to assess their web application for vulnerabilities. The Echelon team tested the Utility Cloud platform for vulnerabilities using a blend of automated and manual techniques, combining an industry-leading automated scanner with hands-on request interception and modification.
The team spent several days manually attacking the application, attempting different injections, and manipulating the platform’s business logic. We worked with the Utility Cloud team to resolve several findings and further lock it down from potential threat actors.
The web application penetration test resulted in improvements in the following areas:
Authentication & Authorization
Overall, Echelon’s web application test of the Utility Cloud platform resulted in increased security measures and a stronger, more resilient management system. This allows Utility Cloud’s customers to have peace of mind that their information is stored both safely and securely.
“It was a pleasure working with the Echelon team, from initial contract signing to final test wrap-up. Our entire engagement went smoothly and was well-planned. Echelon was always available to us and quick to respond to any of our inquiries. The testing process was thorough and at times very enlightening. Their team of security experts worked closely with our engineers to quickly resolve found vulnerabilities. Echelon will continue to be our testing partner for future security work.”
- Al Sesta, VP of Engineering