One of the leading e-Wallet service providers performs vulnerability assessments for its production environment
Client Overview
The client is one of the leading e-Wallet management service providers, based in Abu Dhabi.
Problem Statement
- To ensure the security of the production environment before deployment.
- To ensure the security and integrity of the backend server.
- To identify vulnerable system software and patch any vulnerable, unpatched systems.
Tech Stack
![](https://cdn.prod.website-files.com/64b7ba4dc9375b7b74b2135e/64d48b691834e4b197ed003e_18.png)
Solution Approach
- Manual and automated analysis of the target found multiple vulnerabilities in the payment gateway service, the merchant management system, and a few third-party vendors.
- Detailed reports were provided along with recommendations.
- A few other things to consider:
  a. Perform a proper VAPT assessment before deploying new services.
  b. Follow secure coding guidelines.
Benefits
Through manual and automated analysis of the target, we found 3 critical, 3 high, and 1 medium severity issues.
Our team provided recommendations along with proofs of concept for the vulnerabilities.
The backend server was vulnerable to a Remote Code Execution (RCE) vulnerability. An attacker could use this vulnerability to gain full access to the backend server and compromise the whole server.
CSRF and XSS bugs can be used together to take over the admin panel or admin account.
Highlights
Potential web security vulnerabilities in the application were identified.
The e-Wallet management system was built to manage e-Wallets, online payments and support e-commerce businesses.