VA-PT of a Wellness Product - Cyber Security Case Study

Scenario

The organization had developed server-side protections but also wanted to look for client-side issues. The challenge was to perform client-side attacks that could show maximum impact, as the organization provided a live environment.

Testing methodology

An automated scan was performed to identify the attack surface. A manual approach was chosen for exploitation and for bypassing the default client-side protection.

Risk Found

Due to the mentioned technical risk, any user can gain unauthorised access to other users of the application without obtaining their credentials. This leads to a breach of the user's data privacy and a breach of GDPR standards. Under the GDPR, it is punishable by law and a possible cause of reputational loss for the business.