Business Background
The client is a funded startup that provides a free downloadable application in which users engage with an advertiser's ad and get paid. It is beneficial for advertisers because they can distribute coupons or other discount offers through the application and produce a strong ROI on social media. Protecting the personal information and privacy of its users is of the utmost importance to the Client.
Objective
Pre-release security testing of the mobile application.
The Challenge
The platform handled a large volume of financial transactions from internal accounts to users' accounts and from users' accounts to internal bank accounts, which made the assessment both crucial and challenging. The application stored a large amount of user data, including personally identifiable information, so it was important that the mobile app was secure for customer use and compliant with the OWASP Mobile Application Security Verification Standard (MASVS).
The Solution
• Build the security testing plan.
• Functional mapping of all the mobile app's endpoints and integrations.
• Reverse engineering and auditing of the application for static analysis, using various open source tools, by a team of ethical hackers following the checks listed in the OWASP code review standards.
• Traffic interception of the application for the dynamic analysis phase, using various open source tools, by a team of ethical hackers following the checks listed in the OWASP code review standards.
• Human intelligence testing of the application for logic analysis, using various open source tools, by a team of ethical hackers completing the checks listed in the OWASP code review standards.
• Manual vulnerability correlation and removal of false positives.
• Leveraging known vulnerabilities to penetrate further into the Client's application architecture and identify the true impact of the vulnerabilities.
• Writing of the assessment report.
The Deliverables
• Daily and weekly status reports
• Comprehensive information, proof-of-concept examples and detailed exploitation instructions for all the threats and vulnerabilities identified
• Assessment report
Benefits
By conducting thorough security tests and identifying vulnerabilities, Appsecuri reduced the Client's risk. Additionally, the Client gained the following benefits:
Risk Benefits: Appsecuri discovered 3 critical security issues:
a) Insecure direct object reference
b) 2FA bypass due to brute force
c) OAuth2 misconfiguration
Cost Savings: Appsecuri suggested cost-effective risk-mitigation measures, based on the customer's business requirements, that would ensure the security and continuity of the business.
Customer Satisfaction: The mobile application security assessment was conducted with minimum interruption and no damage to customer systems while identifying security vulnerabilities, impacts and potential risks.
Compliance: The Mobile application was benchmarked against OWASP global security standards.
Speedy service: The client was particularly impressed by how quickly Appsecuri could carry out the penetration test and deliver reports.