One of the leading e-Wallet service providers performs vulnerability assessments for its production environment
Industry
Fin Tech
Services
Security Testing
Client Overview
The client is an Abu Dhabi-based company and one of the leading e-Wallet management service providers.
Problem Statement
To ensure the security of the production environment before deployment.
To ensure the security and integrity of the backend server.
Identifying vulnerable system software and patching any unpatched vulnerable systems.
Tech Stack
Solution Approach
Upon manual and automated analysis of the target, we found multiple vulnerabilities in the payment gateway service, the merchant management system, and a few third-party vendors.
Detailed reports were provided along with recommendations.
A few other things to consider:
a. Perform a proper VAPT assessment before deploying new services.
b. Secure coding guidelines must be followed.
Benefits
Upon manual and automated analysis of the target, we found 3 critical, 3 high, and 1 medium severity issues.
Our team provided recommendations along with proofs of concept for the vulnerabilities.
The backend server was vulnerable to a Remote Code Execution (RCE) vulnerability. An attacker could use this vulnerability to gain full access to the backend server and compromise it entirely.
The CSRF and XSS bugs could be chained to take over the admin panel or an admin account.