Case Studies

VAPT of Trading and Investment web application

Scenario:

We were contacted by the client to conduct a comprehensive Web Application
Assessment and Penetration Testing of the target application that also includes
all the ports and exploitation of findings. The exercise ended with multiple
issues later divided into high, medium and low severity based on the impact.
The sandbox was provided by the client for...

Source Code Review of Trading and Investment Platform

Scenario:

A growing platform useful for trading stocks and broker services contracted us
to perform a full source code review. The source code review was performed
with maximum possible impact.

VAPT of AWS cloud infrastructure of Financial platform

Scenario:

The client contracted us to perform Cloud (AWS) VAPT on their cloud
infrastructure. We had a contract to perform a brief assessment of their whole
cloud infrastructure. The result was the identification of several configurations
and findings which were not properly implemented on the cloud infrastructure.

VAPT of health care Web Application

Scenario:

The client approached us to conduct a full Web Application Assessment and
Penetration Testing of the target which also includes all port scanning and
maximum exploitation. The exercise ended with multiple issues later divided
into high, medium and low severity based on the impact. The test environment
was provided by the client for the testing purpo...

Pen-testing of health-care mobile applications

Scenario:

The client contracted us to perform Mobile (iOS, Android) VAPT for all the
applications. The application was intended to perform a brief assessment of
cognitive impairment on the patients. The result was the identification of
several vulnerabilities which would have given an attacker access to their
internal data and manipulation of payment amounts, ...

Source Code Review of Health Care platform

Scenario:

The client approached us to perform a full source code review to identify
hidden vulnerabilities, insecure coding practices and cryptography flaws. The
code review ended with multiple issues, later divided into high, medium and
low severity based on impact. The source code was provided by the client.

Pen-testing Azure cloud infrastructure of health-car...

Scenario:

The client approached us to perform Cloud (Azure) VAPT on the cloud
infrastructure. The contract was intended to perform a brief assessment of
cloud infrastructure. The result was the identification of several configurations
which were not properly implemented on the infrastructure.

Pen-testing a cheque deposit thick client application

Scenario:

The client contracted us to perform VAPT on their desktop application. The
application was based on .NET technology. The result was the identification of
several vulnerabilities which may cause data loss to the company.

Pen-testing internal network of organization

Scenario:

The client approached us to perform the VAPT of their internal network, consisting
of systems, servers and firewalls. The result was the identification of several
vulnerabilities and configurations which were not implemented properly.

Pen-testing of a buying and selling digital gold app...

Scenario:

The client approached us to conduct a full Web Application Assessment and
Penetration Testing. The application was based on the buying and selling of
digital gold. The exercise ended with multiple issues, later divided into high,
medium and low severity based on the impact.

Pen-testing of a buying and selling digital gold mo...

Scenario:

The client contracted us to perform Mobile (iOS, Android) VAPT for all the
applications. The application was intended for buying and selling digital gold. The
result was the identification of several vulnerabilities which may lead to user
account takeover and possibly data loss for the users.

Network Audit for a nationalized Bank - Cyber Securi...

Scenario:

To fulfill the urgent requirement of an infrastructure audit, the organization approached us. By keeping IT resources, infrastructure resources, security equipment and appliances, the infrastructure audit was performed.

Network Vulnerability Assessment for Limited IT Comp...

Scenario:

To fulfill the requirement of identifying potential issues in multiple in-scope machines, the organization contracted us. The client strictly instructed us to perform VA only during this project, as we had to perform the exercises during the ongoing work of the organization and avoid any disturbance to the current workflow. The real challenge was to conduct th...

System Hardening for a listed Software Company - Cyb...

Scenario:

The organization contracted us to conduct a hardening exercise to make their environment more secure. The client assigned us certain machines to harden and asked us to prepare a checklist containing the end results. As the exercise was performed remotely due to the COVID-19 pandemic situation, we completed the assignment using VPN connectivity.

Pen-Testing of Fake Brand Detection Portal - Cyber S...

Scenario:

The client's proprietary methodology guides you to locate and verify anti-counterfeit features in genuine branded products and helps you detect and reject fake products. The client approached us to perform a tool-based VA of the provided APK.

VA-PT of Educational ERP Management System - Cyber S...

Scenario:

A growing school ERP platform contracted us to perform a full VAPT, as the system has to handle thousands of users. The client also allowed web server VAPT for potential issues. The ERP had 60+ plug-and-play modules, with lakhs of live users and hundreds of clients active on it. The challenge was to perform Penetration test...

VA-PT of International Survey and Feedback Portal - ...

Scenario:

We were approached by the client to perform a full VAPT of the main domain hosted in a live environment, with full permission to demonstrate maximum impact at the application level as well as the server level. The final outcome contained multiple high severity issues at both the application level and the server level, along with medium and low severity issues.

VA-PT of ERP Management System - Cyber Security Case...

Scenario:

We were approached by the client to perform a full VAPT of the main domain hosted in a live environment, with full permission to demonstrate maximum impact at the application level as well as the server level. The final outcome contained multiple high severity issues at both the application level and the server level, along with medium and low severity issues.

VA-PT of a Wellness Product - Cyber Security Case Study

Scenario:

The organization had developed server-side protections, yet wanted to look for client-side issues as well. The challenge was to perform client-side attacks that can show maximum impact, as the organization provided a live environment.

Pen testing of a Giant Software Listing Portal - Cyb...

Scenario:

A growing platform useful for discovering top business software and service partners contracted us to perform a full VAPT. The challenge was to perform VAPT with maximum possible impact.

VA-PT of a Magento based application having Magento ...

Scenario:

A web application built with WordPress was presented with limited scope; however, a full port scan was allowed in the test environment. The exercise resulted in high, medium and low severity issues.

Pen-Testing of an International VOIP Service...

Scenario:

The company provides an on-demand VoIP service with multiple users. The challenge was to perform black-box testing with a manual approach for subdomains only.

Pen-Testing of Automobile accessory designing Portal...

Scenario:

We were contacted by the company to perform a web VAPT. As it was a live environment, we were not allowed to perform DoS attacks and the scope was limited. Even so, the exercise resulted in high, medium and low severity issues.

Pen-Testing of Automobile accessory E-Commerce Port...

Scenario:

We were allowed to test all possible aspects. The entire exercise ended up with high, medium and low severity issues, which were fixed later as per the provided recommendations.

VA-PT of HR Management Software - Cyber Security Cas...

Scenario:

The client contracted us to perform a web VAPT for the provided URLs only. As the product was an HR management system, it became necessary to look at information leakage issues and other authentication issues as well. Moreover, a payment gateway was included as well. So the VAPT was performed in a live environment. Another challenge was that port scanning was limi...
