One of the leading e-Wallet service providers performs vulnerability assessments for its production environment
Client Overview
The client is one of the leading e-Wallet management service providers, based in Abu Dhabi.
Problem Statement
- To ensure the security of the production environment before deployment.
- To ensure the security and integrity of the backend server.
- Identifying vulnerable system software and patching any vulnerable unpatched system.
Tech Stack
Solution Approach
- Through manual and automated analysis of the target, we found multiple vulnerabilities in the payment gateway service, the merchant management system, and a few third-party vendors.
- Detailed reports were provided along with the recommendations.
- A few other things to consider:
  a. Perform a proper VAPT assessment before deploying new services.
  b. Follow secure coding guidelines.
Benefits
Through manual and automated analysis of the target, we found 3 critical, 3 high, and 1 medium severity issues.
Our team provided recommendations along with proofs of concept for the vulnerabilities.
The backend server was vulnerable to a Remote Code Execution (RCE) vulnerability. An attacker can use this vulnerability to gain full access to the backend server and compromise the whole server.
CSRF and XSS bugs can be used together to take over the admin panel or admin account.
Highlights
Potential web security vulnerabilities in the application were identified.
The e-Wallet management system was built to manage e-Wallets, online payments and support e-commerce businesses.