Case study: Penetration testing in the recruitment sector to secure an HR SaaS platform


In a context of accelerated digitalization, recruitment firms must ensure the security of the sensitive data they handle daily. Discover how Esokia supported a major player in the sector through a comprehensive cybersecurity project, including a penetration test, an in-depth audit, and the securing of several critical platforms.

What exactly is a penetration test?

A penetration test is a controlled simulation of a cyberattack. It reproduces the methods of a real attacker to find exploitable vulnerabilities before a criminal does.

Unlike a static audit, which reviews configuration and code on paper, it is a dynamic security analysis carried out against the running system:

  • Testing the application's resistance to injection attacks (for example SQL injection through a search or login form)
  • Simulating the takeover of a user account and what that account can then reach
  • Attempting to extract confidential files through known vulnerabilities


The goal is not to cause fear, but to objectively measure the platform's security level, with a realistic and offensive approach.
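The first test listed above, resistance to injection, is easiest to understand next to the code that causes it. The block below is an added illustration written for this article, not code from the client's platform or from Esokia's engagement: it builds a small in-memory SQLite table of candidate records (constructed sample data), shows a candidate lookup written the vulnerable way next to its parameterised equivalent, and runs the same classic payload against both to flag which one leaks rows it should not.

```python
import sqlite3

# Constructed sample data standing in for a recruitment database; not real records.
SAMPLE_CANDIDATES = [
    ("alice", "alice@example.com", "confidential: CFO shortlist"),
    ("bob", "bob@example.com", "confidential: CTO shortlist"),
]

# A payload that matches no real username but turns the WHERE clause into a
# tautology when it is concatenated into the SQL text.
INJECTION_PAYLOAD = "' OR '1'='1"


def make_db():
    """Create a fresh in-memory database holding the sample candidates."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE candidates (username TEXT, email TEXT, notes TEXT)")
    conn.executemany("INSERT INTO candidates VALUES (?, ?, ?)", SAMPLE_CANDIDATES)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: user input is pasted straight into the SQL statement."""
    sql = f"SELECT username, email, notes FROM candidates WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    """Hardened: parameter binding keeps the input as data, never as SQL."""
    sql = "SELECT username, email, notes FROM candidates WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def injection_test(lookup):
    """Probe one lookup function with the payload.

    Returns (rows, vulnerable): a lookup is flagged as vulnerable when a
    username that exists nowhere in the table still returns rows.
    """
    conn = make_db()
    rows = lookup(conn, INJECTION_PAYLOAD)
    return rows, len(rows) > 0


if __name__ == "__main__":
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        rows, flagged = injection_test(fn)
        print(f"{name}: {len(rows)} row(s) returned for payload -> "
              f"{'VULNERABLE' if flagged else 'ok'}")
```

Both functions return exactly one row for a legitimate username such as `alice`; only the concatenated version returns every candidate for the payload, which is the observable difference a tester looks for before confirming the finding with data extraction.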

An Extended Technical and Strategic Scope

The project focused on securing the digital assets of a recruitment firm specialized in headhunting. The platforms involved included:

  • A business SaaS application, central to the firm's daily operations
  • A client extranet, used by client companies to consult candidate applications and follow the progress of their assignments
  • A legacy business software still in use for certain processes
  • The firm's corporate website


Objectives of the Penetration Test

The penetration test had multiple objectives:

  • Identify vulnerabilities exploitable by an attacker. The penetration test is not limited to an automatic scan. It combines powerful tools and human expertise to identify complex or contextual flaws.
  • Assess the effectiveness of existing defense mechanisms.
  • Validate the robustness of access controls and permissions.
  • Measure the potential impact of security vulnerabilities.
  • Provide concrete recommendations to address the detected issues.
  • Secure all platforms, prioritizing the SaaS application and the extranet.


A Realistic Offensive Methodology

To reflect current threats, the penetration test was conducted using two distinct scenarios:

  • External attack (black box): The black box test simulates an attack by an outsider with no prior access to or knowledge of the system. The tester starts from what any Internet user can see and attempts to identify and exploit vulnerabilities from there. This type of test is suited to evaluating the platform's robustness against external threats, such as attempts to steal the database or inject malicious content into the site.


  • Internal attack (grey box): The grey box test represents an intermediate scenario. The tester is given partial information or access, typically the credentials of an ordinary user account without administrator privileges. This simulates a malicious user, or a stolen user account, trying to reach resources it is not entitled to: another client's files, another user's data, or administrative functions. This type of test is especially relevant for verifying the management of rights, roles, and access restrictions.

These combined approaches allowed the exploration of vulnerabilities exploitable both from outside and inside the system.
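The grey box scenario, a legitimate account reaching another client's data, is usually tested by taking one user's session and requesting objects that belong to someone else. The block below is an added example written for this article, not code from the client's extranet or from Esokia's report: it models the extranet's "mission" (assignment) lookup as two in-memory handlers with constructed sample data and session tokens, one that only authenticates the caller and one that also checks ownership of the requested object, and runs a simple enumeration probe against each to list the ids a client account can read without owning them.

```python
# Constructed sample data: three assignments belonging to two client accounts,
# and two session tokens. None of this is real client data.
MISSIONS = {
    101: {"owner": "client_a", "title": "Head of Sales search"},
    102: {"owner": "client_b", "title": "CFO search"},
    103: {"owner": "client_b", "title": "Plant manager search"},
}
SESSIONS = {"tokenA": "client_a", "tokenB": "client_b"}


def get_mission_vulnerable(token, mission_id):
    """Vulnerable handler: checks that the caller is logged in, then returns
    any mission whose id is requested (authentication without authorization)."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    mission = MISSIONS.get(mission_id)
    if mission is None:
        return 404, None
    return 200, mission


def get_mission_hardened(token, mission_id):
    """Hardened handler: adds the object-level ownership check."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    mission = MISSIONS.get(mission_id)
    if mission is None or mission["owner"] != user:
        # Answering 404 for both "does not exist" and "not yours" avoids
        # confirming to the caller which ids are in use.
        return 404, None
    return 200, mission


def idor_probe(handler, token, owned_ids, candidate_ids):
    """Grey-box access-control probe.

    Using a single user's token, request every candidate id and return those
    that come back 200 although the user does not own them. An empty list
    means no horizontal privilege escalation was observed for this range.
    """
    leaked = []
    for mid in candidate_ids:
        status, _ = handler(token, mid)
        if status == 200 and mid not in owned_ids:
            leaked.append(mid)
    return leaked


if __name__ == "__main__":
    owned_by_a = {mid for mid, m in MISSIONS.items() if m["owner"] == "client_a"}
    for name, handler in (("vulnerable", get_mission_vulnerable),
                          ("hardened", get_mission_hardened)):
        leaked = idor_probe(handler, "tokenA", owned_by_a, range(100, 110))
        print(f"{name}: client_a can read foreign missions {leaked or 'none'}")
```

In a real engagement the handler is an HTTP endpoint and the probe is driven with two accounts the client provisions for the test, comparing each account's view of the same id range; the logic of the check is the same.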

A Clear Report and Concrete Recommendations

At the end of the tests, a detailed report was delivered to the client, including:

  • A mapping of identified vulnerabilities
  • An analysis of their severity and potential impact
  • Technical recommendations tailored to each flaw
  • An action plan for implementing priority fixes


Esokia then supported the recruitment firm in deploying the fixes and continuously improving application security.

Expertise That Made a Difference

In-depth technical knowledge
Thanks to our mastery of SaaS environments, web frameworks, and secure architectures, we were able to intervene effectively without disrupting the client’s activity.

Understanding of business challenges
The recruitment sector imposes strong requirements in terms of confidentiality, availability, and responsiveness. Esokia managed to reconcile security and user-friendliness.

Mastery of application security testing
Our experts used advanced tools and a rigorous offensive/defensive methodology, revealing vulnerabilities often invisible to standard scanners.

Personalized support
More than a simple audit, Esokia proposed a long-term partnership, with end-to-end support: from testing to effective securing.

DevSecOps Culture
Our close collaboration with the client’s technical teams allowed the integration of security measures without delaying development cycles or increasing costs.

Esokia won the cybersecurity TopTech 2025 prize.

As proof of its ongoing commitment to digital security, Esokia received the TopTech 2025 award in the cybersecurity category, awarded by a panel of experts from the technology sector. This distinction highlights the excellence of its data protection practices and reinforces its position as a trusted partner for critical digital projects.

Thanks to this recognition, Esokia affirms its desire to continue innovating and anticipating tomorrow’s challenges in an increasingly connected world.

This project illustrates the importance of penetration testing in the recruitment sector, where data protection is strategic. Thanks to its tailored approach and DevSecOps culture, Esokia enabled this headhunting firm to sustainably reinforce the security of its digital ecosystem.

Contact us at [email protected] for a pentest.
