Preventing Web/Application Attack by Security Audit

Customer Overview

Leading online retailer with a large portfolio of brands.

PROJECT CHALLENGES

Company wanted to test the website for technical and design flaws that may let hackers to do any unethical transactions. They have also requested the protection of website against web attack like XSS, CSRF, SQL Injection etc.

The major concern for the company is to ensure the web portal is safe for customer transaction and sharing personal information.

Solutions

We have performed vulnerability test for website pages and across categories based on OWASP and MITRE standards.
We have performed static and dynamic source code review to achieve security standards.
Functional mapping of the website pages with URLs and inclusive parameters.
Special case testing for Tampering Attacks in the payment workflow.
Performed Vulnerability Assessments for all web pages for security misconfigurations.
Domain based testing for Privilege escalations – testing for unauthorized access to premium accounts using session logs and IDs.
Performed search overflow attacks covering the vulnerabilities against server interruptions and app responsiveness.
Verified for Injection attacks – injection of technology based scripts / files in URLs and search fields.
Performed Penetration Tests using proxy techniques to manipulate parameter values / tamper operational data.
Conducted source code review to achieve Security Standards.

Business Benefit

We have prevented OWASP Top 10 and domain based vulnerabilities with the help of security testing.
We have provided detailed security bug report to avoid false positives and to minimize security risks.
We have recommended solutions to fight against cross scripting and forgery attack.