Periodic Security Re-Assessment for newly added modules of a wellness product - Cyber Security Case
The client had an application in a live environment with frequently updated features, which required periodic security testing because of the continuous changes.
The entire exercise was done manually. The in-scope URLs were scanned passively, as active scanning could reduce performance and affect active users. Necessary precautions were taken during the exploitation phase.
As part of the periodic security review, we found an unrestricted file upload vulnerability. We were also able to intercept the user's data (man-in-the-middle attack), which leads to a breach of the user's data privacy. Under GDPR, this is punishable by law and a possible cause of reputational loss for the business, a loss that was avoided.