Case Study #1 - Vulnerability Detection
A large contract manufacturing firm had very successfully implemented a web-based supply chain management and customer order tracking system. The system was built on an MS SQL back end and customized in house by contract programmers. As the company grew it adopted a stricter security policy and ran regular security scans with commercially maintained open source scanners, and it felt secure. When the existing Information Security Manager left the company and was replaced, the new ISM used a demo version of Maxpatrol to scan a few servers. Among other findings, the scan revealed a second instance of an old, unpatched version of MS SQL running on a production server on port 1435. The instance had been installed during the development cycle and, although unused, was still reachable and exposed the company to numerous serious vulnerabilities. Maxpatrol was then used to scan all of the company's assets, both internal and public facing, where numerous other vulnerabilities were found, including FTP and P2P services and machines that were simply not patched. Maxpatrol found these services, where other scanners had failed, using its intelligent scanning.
Case Study #2 - Incident Investigation
An investment firm used Maxpatrol for the first time on its public-facing IP addresses. The system administrator called to complain that a bug in Maxpatrol had reported an HTTP-like service running on TCP port 10 when nothing was running there. "The scanner gave me a false positive the first day I used it," he complained. "I checked the system a dozen times and nothing is running there!" The Maxpatrol security team investigated and promptly determined that there was, in fact, an alien backdoor and that the network had been compromised for some time.
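Both of the cases above share one root cause: a listener nobody had on the books (a forgotten SQL instance on port 1435, an HTTP-like service on TCP port 10). The following is an added example, not Maxpatrol's code or the firms' own tooling, showing the defender-side check that catches this class of finding: compare scan output against an approved service inventory and report anything that is absent from it or that speaks a recognised protocol on a port where that protocol is not expected. The hosts, ports, banners and the inventory are constructed for illustration.

```python
"""Compare port-scan results against an approved service inventory and flag
anything unexpected. Added example; not Maxpatrol code. All hosts, ports,
banners and inventory entries below are constructed."""

# Constructed sample scan output: (host, protocol, port, banner).
SCAN_RESULTS = [
    ("10.0.0.5",    "tcp", 1433, "Microsoft SQL Server 2000"),
    ("10.0.0.5",    "tcp", 1435, "Microsoft SQL Server 7.0"),  # second, forgotten instance
    ("10.0.0.5",    "tcp", 443,  "HTTP/1.1 200 OK"),
    ("203.0.113.7", "tcp", 80,   "HTTP/1.1 200 OK"),
    ("203.0.113.7", "tcp", 10,   "HTTP/1.0 200 OK"),           # HTTP-like listener on tcp/10
]

# Approved inventory (constructed): what each host is supposed to expose,
# keyed by (protocol, port) and mapped to the expected service family.
APPROVED = {
    "10.0.0.5":    {("tcp", 1433): "mssql", ("tcp", 443): "http"},
    "203.0.113.7": {("tcp", 80): "http"},
}

# Ports on which each service family is normally expected. A recognised
# service on a port outside this set gets an extra reason in the finding,
# because that is exactly how a stale instance or a disguised listener shows up.
EXPECTED_PORTS = {"http": {80, 443, 8080}, "mssql": {1433}}


def classify_banner(banner: str) -> str:
    """Map a service banner to a coarse service family."""
    b = banner.lower()
    if "sql server" in b:
        return "mssql"
    if b.startswith("http/"):
        return "http"
    return "unknown"


def find_unexpected_listeners(scan, approved, expected_ports=EXPECTED_PORTS):
    """Return one finding per listener that is absent from the inventory or
    whose banner does not match the service approved for that port."""
    findings = []
    for host, proto, port, banner in scan:
        family = classify_banner(banner)
        allowed = approved.get(host, {})
        if (proto, port) not in allowed:
            reasons = ["not in approved inventory"]
            if family != "unknown" and port not in expected_ports.get(family, set()):
                reasons.append(f"{family} service on non-standard port")
            findings.append({"host": host, "proto": proto, "port": port,
                             "family": family, "reason": "; ".join(reasons)})
        elif family != "unknown" and allowed[(proto, port)] != family:
            # Approved port, but the banner does not match what was approved there.
            findings.append({"host": host, "proto": proto, "port": port,
                             "family": family,
                             "reason": f"banner says {family}, inventory says {allowed[(proto, port)]}"})
    return findings


if __name__ == "__main__":
    for f in find_unexpected_listeners(SCAN_RESULTS, APPROVED):
        print(f"{f['host']}:{f['proto']}/{f['port']} ({f['family']}): {f['reason']}")
```

The administrator's "nothing is running there" is exactly the situation the inventory comparison is for: the check does not trust the host's own view of itself, only what answers on the wire versus what was approved, so a listener that is invisible locally is still reported when seen from the network.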
Example #3 - Detecting Unpublished Vulnerabilities and Vulnerabilities in Custom Code
Z Company, in its never-ending quest to make its internal systems easier to manage and give users more services to boost productivity, implemented a customized version of a mail server that had many features its users wanted and integrated well with its CRM and sales automation system. The software was based on a smaller, lesser-known mail server, so few vulnerabilities had been published for it. At first glance the system seemed secure: a firewall permitted only the standard ports 25 (SMTP) and 110 (POP). An audit with Maxpatrol determined, in a completely automated scan that was then verified, that the server was vulnerable to an unpublished DoS attack on port 110. The company had to notify the vendor, temporarily stop using the mail server and wait for the vendor to patch the software.
Example #4 - Configuration and Password Auditing
A large chemical company audited its network with Maxpatrol; upon completion of the audit, Maxpatrol (using its standard configuration) had gained access to the SQL Server after detecting a weak password.
Example #5 - Web Application Auditing
A publicly traded financial planning company wanted to allow its clients to access account information online. It had a very reputable software development company design a web interface for its database and was so satisfied with the results that it published press releases and marketing materials. Before roll-out, the Information Security Officer demanded that the application undergo a security review. Although the application was based on a very popular product, it had undergone heavy customization and testing during development, and he insisted it be tested one more time. An initial Maxpatrol audit of the public-facing application found several instances of unvalidated input vulnerabilities, broken session and authentication flaws, weak passwords and injection vulnerabilities, presumably introduced by the customization of the code and by user configuration.