Securing a Danish Education Platform through Penetration Test and Fast Remediation Cycle

A Denmark-based education technology provider commissioned Manao Software to run an annual penetration test and a single remediation cycle to demonstrate platform integrity and satisfy data protection expectations. The engagement was intentionally compact, clear in scope, and designed to produce verifiable evidence for the client’s assurance processes. 

Technologies

Burp Suite

Client need

  • Proof that the platform is secure and suitable for continued use by schools and partners. 
  • A penetration test performed at least annually, as required by their assurance policy. 
  • Practical findings they could act on immediately, supported by a partner who understands software development and coding in depth. 
  • A short, verifiable remediation cycle so the client can quickly demonstrate fixes to stakeholders. 

Timeline and phases

  • Week 1: Analysis and design. Confirmed project scope, reviewed legal and regulatory requirements, and finalized the test plan to ensure compliance and readiness for execution. 
  • Week 2: Execution. Active testing and vulnerability discovery. 
  • Week 3: Client fixes and retest. Client implements fixes; we verify remediation.

This engagement was completed in one round following the above schedule.

Challenge

  • All testing followed strict ethical and legal standards. We needed to secure the client’s approval, define permissions, and document legal constraints before any testing began. 
  • The client required clear boundaries for user and system scope to avoid unintended impact on live services. 
  • The regulator and stakeholder context in Denmark required evidence that testing and remediation had been conducted correctly. 
  • The engagement had to provide quick, verifiable outputs suitable for audit or partner assurance. 

Our approach

  • Analyzed scope and compliance needs, then designed a test plan that respected legal and operational boundaries. 
  • Performed black box penetration testing to simulate an external attacker and discover issues without prior system knowledge. 
  • Delivered a prioritized findings report with reproduction steps, risk ratings and clear remediation guidance. 
  • Supported a one-round remediation loop. The client implemented fixes, and we performed retesting to validate closure. 
  • Emphasized ethical practice, signed permissions, and documented all activities for audit evidence. 

Technologies Used

  • Burp Suite for active scanning and manual request analysis. 
  • Anomaly detection tools are used in other contexts to flag unusual system behaviour, but were not part of this single engagement. 
  • Two security specialists executed scans while one security engineer handled design and analysis responsibilities. 

The Results

  • Identified and prioritised vulnerabilities, focusing on fixes the client could implement quickly. 
  • Performed vulnerability assessment scans and manual validation to capture configuration and deployment gaps that DevOps can address. 
  • Provided practical remediation guidance that included code-aware suggestions where appropriate. Because Manao builds software, we can advise down to programming-level changes, not only high-level mitigations. 
  • Retested reported items to confirm remediation and produced documentation suitable for annual assurance and audit. 

Team and engagement model

  • Compact team structure to suit a short engagement. Two testers ran scans, and one security engineer designed the test and analysed results. 
  • Close collaboration with the client’s engineers ensured fast fix implementation and knowledge transfer. 

Outcome

  • The engagement was completed within 4 weeks.  
  • Vulnerabilities were discovered, prioritized, fixed by the client, and retested. 
  • The client received documented evidence for its annual assurance process. 
  • The platform gained pragmatic guidance across infrastructure and code, reducing the likelihood of recurring issues. 

What sets Manao Software apart

  • We combine penetration testing with hands-on software engineering expertise. When we find an issue, we can explain practical, code-level fixes and implementation steps. 
  • We prioritise ethical testing and clear legal agreements, so tests are effective and compliant. 
  • We deliver concise, retested evidence that clients can use immediately for assurance and audits. 

Compliance context

  • The engagement aligned with GDPR-related expectations and broader personal data protection requirements relevant to Danish education providers. 
  • Documentation and evidence were prepared in a format suitable for external auditors and stakeholder assurance. 
