The web application has over 10,000 registered users worldwide, who use the cloud-based application to test their knowledge on a variety of topics. The free app attracts a lot of young and inquisitive minds and stores their personally identifiable information (PII) as well as the confidential databank of quizzes. Such an application must be highly secure.
Thanks team for making online testing more secure for our customers… Your efforts have made the site more secure, have helped us protect users’ confidential information… Going great! Keep up the excellent work.
Product Owner, Washington-based organization
WHAT VIDYATECH DID?
The website keeps on evolving. With newer features and quizzes, there are regular changes in source code, configuration, and integration that make the site vulnerable in several ways.
Occasionally, the website also runs contests wherein winners are rewarded. The participants’ personal information is gathered as part of the process. The typical database contains questions, answers, and feedback shared by the users, as well as their PII.
With sophisticated cyberattacks growing, it was essential to safeguard every bit of information available, stored, and transmitted. However, the customer did not have the know-how or a mechanism to make the site secure and protect extremely confidential and highly vulnerable information, like PII.
Our team of penetration testers carefully studied the existing site and analyzed the security gaps.
Before performing Vulnerability Assessment and Penetration Testing (VAPT), the application was hosted locally so that the real end-users did not face any interruptions while using the application.
The team did thorough footprinting for further analysis. We identified the apparent vulnerable areas of the application for more attentive assessment. Our security professionals followed Open Web Application Security Project (OWASP) guidelines to verify vulnerabilities uncovered by automated security tools.
The professionals tried to reproduce or exploit the vulnerabilities in a controlled environment. The entire VAPT exercise was conducted stringently and systematically.
The VAPT exercise was an eye-opener for the product owners.