Vulnerability Assessment & Security Testing for an Online Retailer
The client is a leading online retailer with a large portfolio of consumer brands.
As an online retailer, the company was worried about the security of its web platform. It therefore wanted to test the website for technical and design flaws that could let hackers carry out unethical transactions. The company's major concern was to ensure that the web portal is safe for customer transactions and for sharing personal information.
Conducted vulnerability test for website pages and across categories based on OWASP and MITRE standards
Conducted static and dynamic source code review to achieve security standards
Carried out functional mapping of the website pages with URLs and inclusive parameters
Performed special case testing for Tampering Attacks in the payment workflow
Performed Vulnerability Assessments for all web pages for security misconfigurations
Domain-based testing for Privilege escalations – testing for unauthorised access to premium accounts using session logs and IDs
Performed search overflow attacks covering the vulnerabilities against server interruptions and app responsiveness
Tested for injection attacks – injection of technology-based scripts/files in URLs and search fields
Performed Penetration Tests using proxy techniques to manipulate parameter values/tamper operational data
Conducted source code review to achieve Security Standards
Identification and remediation of OWASP Top 10 and domain-based vulnerabilities with the help of security testing
Comprehensive security bug report to avoid false positives and to minimize security risks
Robust web platform with the capability to fight attacks like Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)