Pen testing of a Giant Software Listing Portal - Cyber Security Case Study

Scenario

A growing platform for discovering top business software and service partners contracted us to perform a full VAPT (vulnerability assessment and penetration test). The challenge was to carry out the VAPT with the maximum possible impact.

Testing methodology

An automated scan was performed to identify the attack surface. The scan covered possible server-side and client-side attack vectors. A manual approach was then used to weed out false positives and to exploit the confirmed findings.

Risk Found

The application had a severe unrestricted file upload vulnerability. By exploiting it, an attacker could upload malicious files such as malware or web shells to the production servers and, by accessing them, gain unauthorized access to those servers. In addition, weak cookie management and privilege escalation were found, through which an attacker could steal the identity of the product brand and of user accounts and misuse them. This could have led to a potential brand value loss of approx. 8 Cr, which was averted.