About the Client
24Slides is a global team of presentation designers that transforms content into high-impact visual materials for professionals and businesses worldwide. The company partners with global enterprise clients across various industries, including pharma, technology, and consultancy, supporting thousands of professionals each month and producing over 17,500 presentation slides to help organizations save time and deliver a lasting impact. With teams based in Denmark, Ukraine, Indonesia, and Peru, the company is dedicated to empowering people worldwide while contributing to the UN Sustainable Development Goals.
Before engaging Sekurno, 24Slides had never performed a white-box penetration test or integrated formal application security measures into its development process. The application, developed by a third-party vendor, had not undergone comprehensive security verification, leaving gaps in assurance for both internal stakeholders and enterprise customers.
The platform comprises two key products:
GRIP — a patient-facing application that allows individuals to aggregate their health records, gain personalized health insights, and discover matched clinical trials.
ELaiGIBLE — a tool for researchers and healthcare professionals that identifies eligible patient cohorts in minutes, drastically reducing recruitment timelines.
Results:
The initial assessment identified a number of high- and medium-severity issues, some of which came as a surprise and demonstrated the depth of the penetration test, ultimately leading to a stronger and more resilient security posture. Addressing these vulnerabilities significantly reduced potential exposure and reinforced the application’s overall security framework.
Key Takeaways
In-depth white-box testing can reveal hidden risks that surface-level scans or black-box testing miss.
Combining technical testing with clear, accessible reporting enables faster remediation and better decision-making at both engineering and leadership levels.
Retesting is essential to validate remediation and close the loop on identified issues.
The review also confirmed notable strengths, including effective use of Laravel’s built-in protections, secure-by-default frontend implementation in ReactJS, and robust server-side input validation.
All high-severity findings were remediated and verified in follow-up testing. The outcome improved 24Slides’ readiness for SOC 2 certification, provided tangible evidence of security commitment for enterprise clients, and gave internal stakeholders confidence in the resilience of the platform.
The Challenge
24Slides had three primary security objectives:
Achieve readiness for SOC 2 certification.
Demonstrate a strong security posture to enterprise clients.
Reduce the risk of operational disruption from potential security incidents.
The company had experienced a chaotic situation in the past due to a security issue and wanted to ensure these scenarios were prevented going forward. A thorough security review was needed to both meet compliance requirements and build trust with major customers.
Our Solution
24Slides selected Sekurno after comparing it with four other vendors, citing its high ratings, strong cultural fit, aligned values, and clear understanding of the need for white-box testing.
Our approach included:
1. Scoping and Planning
Defined testing objectives aligned with SOC 2 requirements and enterprise client expectations.
2. White-Box Penetration Testing
Conducted an in-depth assessment of the application’s security, including code review, business logic testing, and authentication and access control evaluation.
3. Clear Communication
Maintained regular updates via Slack to ensure transparency and adaptability throughout the engagement.
4. Comprehensive Reporting
Delivered a detailed penetration test report, WSTG checklist, and threat model, along with an attestation letter for client and compliance use.
5. Follow-Up Testing
Performed retesting to confirm all high-impact security issues were fully remediated.
What truly sets Sekurno apart is their commitment to an in-depth analysis.
Artem Brezhnev, Head of Development, 24Slides
Conclusion
Partnering with Sekurno enabled 24Slides to move from uncertainty about their application’s security to having validated assurance, strengthened compliance readiness, and a clear message of trust for their enterprise customers. The engagement demonstrated the value of deep technical assessment paired with collaborative, client-focused delivery.