

CHALLENGE
- Analyze and narrow the scope, focusing on the critical aspects of the business, i.e. high-risk vulnerabilities
- Testing the hidden part of the application for unspecified attacks
- Lack of standards – choosing the right approach and techniques from a wide range
- Diversity of scope – Cloud service provider software, platforms and tools

Vulnerabilities Found
- The application was vulnerable to multiple instances of security misconfiguration and broken authentication, where a least-privileged or unauthorized user gets access to the application
- The application's bulk import feature allows any file type to be uploaded, leading to a rate-limit attack through unnecessary throttling or exhaustion of the invocation limit of Lambda functions
- The application exposed the session token in the URL, increasing the risk of inheriting the session
- The application exposes and uses highly vulnerable versions of libraries and components


TECHNICAL STACK
Burp Suite, OWASP

SOLUTIONS OFFERED
- Discovery phase for requirement elicitation and conducting gap analysis to finalize a consultative approach and provide guidance and direction to bridge the gap for an optimal solution.
- Suggested a core group of subject matter experts (SMEs) to cover all the business and technology needs of the RFP
- Recommended a detailed 8-week Consulting/Discovery Phase, which covered an Executive Report as well as the Technical and Logical Architecture
