Search
All Projects

DJP Intranet Security Audit

 ·  Part of my work at DJP

Abstract:  Conducted a comprehensive IT security audit and penetration test on multiple, mission-critical intranet web applications within the Directorate General of Taxes (DGT).

Tech:  #Penetration Testing #Kali Linux #Metasploit Framework #Burp Suite #Vega #Wireshark #sqlmap #Security Auditing

The Challenge

The Directorate General of Taxes (DGT/DJP) relied on a suite of intranet web applications for critical national functions, including the Human Resources system (SIKKA), an e-learning portal, and a tax knowledge base. These systems were used daily by up to 45,000 employees and handled sensitive government data. A comprehensive security assessment was required to identify and mitigate vulnerabilities that could compromise data and disrupt operations.

The Approach

As the appointed IT Security Analyst, I conducted a series of in-depth, black-box penetration tests on these high-value applications. My methodology was systematic and thorough:

  • Reconnaissance: Mapping application structures, identifying potential attack vectors, and understanding the business logic.
  • Vulnerability Analysis: Using a combination of automated tools (e.g., Vega, sqlmap) and manual inspection with proxy tools (e.g., Burp Suite) to scan for a wide range of vulnerabilities.
  • Exploitation: Demonstrating the real-world impact of discovered flaws (such as SQL Injection or Cross-Site Scripting) by attempting to gain system access in a controlled manner.
  • Persistent Access Simulation: Simulating an advanced attack by attempting to plant a backdoor to prove the potential for long-term compromise.
  • Reporting & Remediation: Authoring detailed technical reports that documented each finding, analyzed the root cause, and provided clear, actionable solutions for the development teams.

The Outcome

The audit was a major success that fundamentally changed the security posture of the organization.

  • Massive Vulnerability Discovery: I uncovered more than 1800 total security vulnerabilities across the target applications, including over 640 critical flaws.
  • Catalyst for Change: My detailed reports and demonstrations, which included successfully taking over application servers, were instrumental in driving a major, top-down security overhaul initiative.
  • Career Impact: Based on the success and critical nature of this audit, I was subsequently promoted to help lead the remediation efforts, which ultimately resulted in a 97% reduction in critical flaws and earned me a “Best Performer of the Year” award.