Pen-Testing of Automobile accessory E-Commerce Portal - Cyber Security Case Study

Scenario

We were allowed to test all possible aspects. The exercise surfaced High, Medium and Low severity issues, which were later fixed as per the provided recommendations.

Testing methodology

Complete grey-box testing using tools and manual exploitation methodology

Risk Found

- Outdated web server version, easily exploitable using publicly available exploits.
- Unrestricted file upload leads to server takeover and sensitive information leakage.
- Directory traversal potentially leads to sensitive information exposure.
- Improper session management leads to account takeover.
- Lack of proper encryption results in sensitive data being captured via a MiTM attack.
- Absence of secure flags helps an attacker exploit session-related issues.
- HTTP OPTIONS method enabled, allowing an attacker to identify the communication options available on the server.

Business Risk

-------------