The Network: A high-technology provider on the US East Coast with several hundred servers, including internal webservers and a popular external-facing website.
The Expectation: As in any typical modern enterprise, web services are used extensively, both inside and outside the company, to meet various needs.
The Catch: Various websites, including the external-facing one, were found vulnerable to clickjacking attacks.
The Find: Given the extensive penetration of web services in the modern organization, website developers in every organization need to test for vulnerabilities, especially the OWASP Top 10. Failing to do so can expose critical, confidential company data to attackers.
The Lesson: Putting company information on a website allows for easy access internally or externally. Failing to secure that website is a dereliction of duty.