VA-PT of International Survey and Feedback Portal - Cyber Security Case Study

Scenario

The client approached us to perform a full VAPT of their main domain, hosted in the live environment, with full permission to demonstrate maximum impact at both the application level and the server level. The final outcome contained multiple High severity issues at the application level and at the server level, along with a number of Medium and Low severity issues.

Testing methodology

Since we were free to test all aspects of the target and it was a test environment, we used multiple automated tools during the initial information gathering phase. We then used the filtered results to map the provided scope, which supported the detailed exploitation that followed, carried out with a combination of automated and manual approaches.

Risk Found

A combination of serious vulnerabilities was found in the web server and in the application code. Improper implementation of user sessions, cookie management, authentication and encryption allowed unauthorized takeover of other users' accounts and theft of sensitive information, which amounts to a breach of users' data privacy. Under GDPR such a breach is punishable by law and is a possible cause of reputational loss; both were avoided.

Business Risk

-----------