Case Studies

VAPT of Trading and Investment web application

Scenario:

We were contacted by the client to conduct a comprehensive Web Application
Assessment and Penetration Testing of the target application that also includes
all the ports and exploitation of findings. The exercise ended with multiple
issues later divided into high, medium and low severity based on the impact.
The sandbox was provided by the client for t…

[ Read More ]

Web VAPT Finance Web Socket, Mongo DB database, Amazon 8 Days

Source Code Review of Trading and Investment Platform

Scenario:

A growing platform useful for trading stocks and broker service contracted us
for performing full source code review. The Source code review was performed
with maximum possible impact.

[ Read More ]

Source Code Review Finance Java, PHP, Python 15 Days

VAPT of AWS cloud infrastructure of Financial platform

Scenario:

The client contracted us to perform Cloud(AWS) VAPT on their cloud
infrastructure. We had a contract to perform a brief assessment of their whole
cloud infrastructure. The result was an identification of several configurations
and findings which were not properly implemented on the cloud infrastructure.

[ Read More ]

Cloud VAPT Finance Amazon AWS 7 Days

VAPT of health care Web Application

Scenario:

The client approached us to conduct a full Web Application Assessment and
Penetration Testing of the target which also includes all port scanning and
maximum exploitation. The exercise ended with multiple issues later divided
into high, medium and low severity based on the impact. The test environment
was provided by the client for the testing purpose…

[ Read More ]

Web VAPT Health Care PHP, Word Press, Windows IIS (10) server 8 Days

Pen-testing of health-care mobile applications

Scenario:

The client contracted us to perform Mobile(iOS, Android) VAPT for all the
applications. The application was intended to perform a brief assessment of
cognitive impairment on the patients. The result was the identification of
several vulnerabilities which would have given an attacker access to their
internal data and manipulation of payment amounts, as…

[ Read More ]

Mobile VAPT Health Care Java, Kotlin, Swift 15 Days

Source Code Review of Health Care platform

Scenario:

The client approached us for performing full source code review to identify
Hidden Vulnerabilities , Insecure coding practices, Cryptography Flaws. The
Code Review ended up with multiple issues later divides into high, medium and
low severity based on impact. The source code was provided by the client.

[ Read More ]

Source Code Review Health Care Java, PHP, Javascript 7 Days

Pen-testing Azure cloud infrastructure of health-care …

Scenario:

The client approached us to perform Cloud(Azure) VAPT on the cloud
infrastructure. The contract was intended to perform a brief assessment of
cloud infrastructure. The result was the identification of several configurations
which were not properly implemented on the infrastructure.

[ Read More ]

Cloud VAPT Health Care Microsoft Azure 7 Days

Pen-testing a cheque deposit thick client application

Scenario:

The client contracted us to perform VAPT on their desktop application. The
application was based on dot net technology. The result was identification of
the several vulnerability which may cause data loss to the company.

[ Read More ]

Desktop VAPT Finance Dot NET 7 Days

Pen-testing internal network of organization

Scenario:

The client approached us to perform the VAPT of their internal network consists
of systems, servers and firewalls. The result was identification of the several
vulnerabilities and the configurations which was not implemented properly.

[ Read More ]

Network VAPT Finance Windows based desktops and servers, SonicWALL Firewall 7 Days

Pen-testing of a buying and selling digital gold appli…

Scenario:

The client approached us to conduct a full Web Application Assessment and
Penetration Testing. The application was based on the buying and selling of a
digital gold. The exercise ended with multiple issues later divided into high,
medium and low severity based on the impact.

[ Read More ]

Web VAPT Finance Bootstrap, Apache 6 Days

Pen-testing of a buying and selling digital gold mobi…

Scenario:

The client contracted us to perform Mobile(IOS, Android) VAPT for all the
applications. The application was intended to buy and sell the digital gold. The
result was identification of the several vulnerabilities which may occur user
account takeover and may be data loss of the users.

[ Read More ]

Mobile VAPT Finance Java, Swift 12 Days

Network Audit for a nationalized Bank - Cyber Security…

Scenario:

To fulfill the urgent requirement of infrastructure audit the organization approached us. By keeping IT resources, infrastructure resources, security equipment and appliances the infrastructure audit was performed.

[ Read More ]

Infrastructure, IT resources, Physical security Online Platform 1 Month Banking

Network Vulnerability Assessment for Limited IT Compan…

Scenario:

To fulfill the requirement of identifying potential issues in the multiple in scope machines the organization contracted us. The client strictly mentioned to perform VA only during this project as we had to perform the exercises during ongoing work of the organization for avoiding any disturbance to current workflow. The real challenge was to conduct this…

[ Read More ]

Network VA IT Windows based desktops and servers 15 days

System Hardening for a listed Software Company - Cyber…

Scenario:

By conducting the hardening exercise for making their environment more secure the organization contracted us. The client assigned us certain machines for performing hardening and prepare a checklist containing end results. As the exercise was performed remotely due to COVID-19 pandemic situation, we completed the assignment using VPN connectivity.

[ Read More ]

System Hardening IT Software Windows based desktops and servers 15 Days

Finding Security loopholes from Cloud Infrastructure a…

Scenario:

The client approached us for DevSecOps oriented work where we have to look into log management system and provide periodic reports based on log analysis.

[ Read More ]

DevOps, DevSecOps (Ed-Tech) Education Kibana, AWS Periodic reporting

Pen-Testing of Fake Brand Detection Portal - Cyber Sec…

Scenario:

Client's proprietary methodology guides you to locate and verify anticounterfeit features in genuine branded products and helps you detect and reject fake products. The client approached us for performing tool based VA for provided APK.

[ Read More ]

Mobile Application VA Branding & Marketing Android 15 Days

VA-PT of Educational ERP Management System - Cyber Sec…

Scenario:

A growing platform as a school ERP system contracted us for performing full VAPT. As the system has to handle thousands of users. Client also allowed for performing web server VAPT for potential issues as well. ERP was having 60+ plug and play modules with Lakhs of live users and Hundred of Clients active on it. Challenge was to perform Penetration testin…

[ Read More ]

Web VAPT (Ed-Tech) Education Web VAPT, Mobile VAPT (AndroidiOS), API VAPT 1-1.5 Months

VA-PT of International Survey and Feedback Portal - Cy…

Scenario:

We were approached by the client for performing full VAPT of main domain hosted in live environment with full permission of demonstrating maximum impact at application level as well as server level. The final outcome contained multiple High severity issues at application level and server level as well. The medium and low severity issues were there as well.

[ Read More ]

Web VAPT IT Forum PHP, Apache, Ubuntu 1 - 1.5 Months

VA-PT of ERP Management System - Cyber Security Case S…

Scenario:

We were approached by the client for performing full VAPT of main domain hosted in live environment with full permission of demonstrating maximum impact at application level as well as server level. The final outcome contained multiple High severity issues at application level and server level as well. The medium and low severity issues were there as well.

[ Read More ]

Web VAPT (Ed-Tech) Education PHP, Apache, Ubuntu, MySQL 1 Month

Server and Firewall Security Review of a Wellness Prod…

Scenario:

We were contracted by the company for reviewing the firewall and production server to identify possible weaknesses in configuration.

[ Read More ]

Server + Firewall Review Health Care Solutions Linux-xenial-x64 15 Days

VA-PT of a Wellness Product - Cyber Security Case Study

Scenario:

The organization has developed server-side protections yet wanted to look for client side issues as well. Challenge was to perform client-side attacks can show maximum impacts as the organization provided live environment.

[ Read More ]

Web VAPT Health Care Solutions Wordpress, MySQL, Apache, Ubuntu 1 Month

Pen testing of a Giant Software Listing Portal - Cyber…

Scenario:

A growing platform useful for discovering top business software and service partners contracted us for performing full VAPT. The challenge was to perform VAPT with maximum possible impact.

[ Read More ]

Web VAPT of respective product IT PHP, Cloud Flare, Ubuntu 15 Days

VA-PT of a Magento based application having Magento ex…

Scenario:

A web application built with Wordpress was presented with limited scope. However, allowed full port-scan in test environment. Resulted with High, medium and low level severity issues.

[ Read More ]

Web VAPT Application Development Wordpress , MySQL, Magento 1 Month

Pen-Testing of an International VOIP Service p…

Scenario:

As the company provides on-demand VoIP service with multiple users. The challenge was to perform black-box testing with manual approach for subdomains only.

[ Read More ]

Web, Mobile Application VAPT Telecommunications NodeJS, Angular, MySQL 1 Month

Pen-Testing of Automobile accessory designing Portal -…

Scenario:

We were contacted by the company for performing web VAPT. As it was live environment we were not allowed to perform DoS attacks and scope was limited. Though the exercise resulted with High, medium and low level severity issues.

[ Read More ]

Web VAPT of respective product Automobile Magento, PHP, MySQL, Apache, Ubuntu 1 Month

Pen-Testing of Automobile accessory E-Commerce Portal…

Scenario:

we were allowed to test all possible aspects. The entire exercise ended up with High, Medium and Low severity issues. Which were fixed later as per provided recommendations.

[ Read More ]

Web VAPT of respective product Automobile Apache Tomcat, JSP, MySQL 1 Month

Periodic Security Re-Assessment for newly added module…

Scenario:

Client had a live environment application with frequently updated features. Which required periodic security testing due to continuous changes.

[ Read More ]

Web VAPT Health Care Solutions PHP, MySQL, Apache, Ubuntu 1 Month

VA-PT of HR Management Software - Cyber Security Case …

Scenario:

The client contracted us for performing web VAPT for provided URLs only. As the product was HR Management system it became necessary for looking at information leakage issues and other authentication issues as well. Moreover, payment gateway was included as well. So VAPT was performed in live environment. The another challenge was port scanning was limite…

[ Read More ]

Web VAPT of respective product Human Resources Magento, PHP, MySQL, Apache, Ubuntu 20-30 Days