All Projects

DJP Intranet Security Audit

 · Part of my work at DJP

Abstract:  Conducted a comprehensive IT security audit and penetration test on multiple, mission-critical intranet web applications within the Directorate General of Taxes (DGT).

Tech: #Penetration Testing#Kali Linux#Metasploit Framework#Burp Suite#Vega#Wireshark#sqlmap#Security Auditing

The Challenge

The Directorate General of Taxes (DGT/DJP) relied on a suite of intranet web applications for critical national functions, including the Human Resources system (SIKKA), an e-learning portal, and a tax knowledge base. These systems were used daily by up to 45,000 employees and handled sensitive government data. A comprehensive security assessment was required to identify and mitigate vulnerabilities that could compromise data and disrupt operations.

The Approach

As the appointed IT Security Analyst, I conducted a series of in-depth, black-box penetration tests on these high-value applications. My methodology was systematic and thorough:

  • Reconnaissance: Mapping application structures, identifying potential attack vectors, and understanding the business logic.
  • Vulnerability Analysis: Using a combination of automated tools (e.g., Vega, sqlmap) and manual inspection with proxy tools (e.g., Burp Suite) to scan for a wide range of vulnerabilities.
  • Exploitation: Demonstrating the real-world impact of discovered flaws (such as SQL Injection or Cross-Site Scripting) by attempting to gain system access in a controlled manner.
  • Persistent Access Simulation: Simulating an advanced attack by attempting to plant a backdoor to prove the potential for long-term compromise.
  • Reporting & Remediation: Authoring detailed technical reports that documented each finding, analyzed the root cause, and provided clear, actionable solutions for the development teams.

The Outcome

The audit was a major success that fundamentally changed the security posture of the organization.

  • Massive Vulnerability Discovery: I uncovered more than 1800 total security vulnerabilities across the target applications, including over 640 critical flaws.
  • Catalyst for Change: My detailed reports and demonstrations, which included successfully taking over application servers, were instrumental in driving a major, top-down security overhaul initiative.
  • Career Impact: Based on the success and critical nature of this audit, I was subsequently promoted to help lead the remediation efforts, which ultimately resulted in a 97% reduction in critical flaws and earned me a "Best Performer of the Year" award.