Customer Success Story
VULNERABILITY ASSESSMENT AND PENETRATION TESTING:AN ONLINE TESTING APPLICATION

A cloud-based web application for Online Testing has over 10,000 registered users from all parts of the globe who use it to test their knowledge on variety of topics. It’s free and publicly available and attracts a lot of young and inquisitive minds who explore and play around – in essence, they have fun while they learn.

PROBLEM

The website evolves constantly as it provides users with newer features and quizzes. This constant change at the levels of source code, configuration and integration – makes it vulnerable in several ways. Occasionally the website runs contests wherein winners are rewarded. This makes its rich data bank consisting of questions, answers, feedback, and personal details of its users, extremely vulnerable to hacking. It is important to safeguard all of this and more.

Thanks Team for making Online Testing more secure for our customers
…Product Owner
Security
WHAT VIDYATECH DID
  • The application was hosted locally (in consultation with the Product Owners) before VAPT action so that real end-users continued to enjoy the experience of the application.
  • Thorough FootPrinting helped gather information (back-end and details) for analysis and strategization.
  • To evaluate the application against the industry standard, OWASP was used as the guide.
  • Identified likely vulnerable areas of the application for more focused and relevant assessment.
  • Security professionals to verify vulnerabilities uncovered by from results of automated security tools wherein they try to repro or exploit the vulnerabilities under controlled environment.
  • The complete VAPT exercise was conducted under strict rules and systematic process.
RESULT

The outcome of the Application Vulnerability and Penetration Testing exercise was an eye-opener for the product owners. While having the web application hosted on Microsoft Azure was a boon, there were certain vulnerabilities exposed pertaining to data transfer which could have posed a serious security threat if exploited by a seasoned hacker. Timely addressing of identified application security gaps ensure that next release of the application was more robust and more tuned to protect the confidential data pertaining to the quizzes and the users.


Security
8201, 164th Avenue NE, Suite 200, Redmond, WA 9805
www.vidyatech.com