Pen-Testing of an International VoIP Service Provider Portal - Cyber Security Case Study
The company provides an on-demand VoIP service with multiple users. The challenge was to perform black-box testing of the subdomains only, using a manual approach.
Because the environment was live, everything except basic scanning was done manually. Exploitation was performed in such a manner that it would not affect the live users.
Improper cookie management and privilege escalation were found, through which an attacker can steal the identity of the product brand as well as user accounts and misuse them. Gaining unauthorized access to other users' data on the application is a breach of users' data privacy and leads to a breach of the GDPR standard. Under the GDPR, this is punishable by law and a possible cause of reputational loss for the business, a loss that was averted.