Vulnerability Testing Services Enable a Software Company to Identify and Rectify Security Loopholes in Time

Customer: A private IT security software company

Profile: The client specializes in Data and IT Security, IT Compliance, Information Governance, IT Risk Assessment, Insider Threat Detection, User Behavior Analysis, Change Auditing, and Content Services.

Services: Vulnerability Assessment

Size: 201-500 employees
Region: Irvine, California
Industry: Software

Business Need

The client empowers information security and governance professionals to reclaim control over sensitive, regulated, and business-critical data, regardless of where it resides.

While the client could always successfully identify and resolve any security loopholes, an Open Bug Bounty researcher found a security vulnerability affecting the website and its users. The researcher identified XSS (Cross-Site Scripting) and other vulnerabilities and disclosed information related to the XSS vulnerability on the Open Bug Bounty site.

To get detailed insight into the security gaps identified, the client was looking to partner with a security consulting firm that could look into the gaps and provide a complete vulnerability report. The client also wanted the firm to provide a list of preventive/corrective action items for their infected website.

Solution and Approach

  • Carried out manual exploration of the website and suggested necessary preventive actions.
  • Scanned the website with tools such as OWASP ZAP, OWASP Xenotix, and Nikto, and reported a list of findings covering Cross-Site Scripting, anti-CSRF tokens, X-Frame-Options, SQL Injection, and so on, along with their preventive actions.
  • Successfully identified a cross-site scripting vulnerability in the client application, furnished details of where the vulnerability existed, and provided preventive actions to resolve it.
  • Regularly submitted reports to the client’s development team so that they could implement the suggestions during the development cycle.

Business Results

  • With vulnerabilities identified and resolved in time, the client can safeguard itself from cyber-attacks.
  • The client can offer secure access to its website for its users while protecting their data at all times.

Since known vulnerabilities have been identified, the client is also able to strengthen its security posture and prevent future attacks.

“Thank you for your great job in identifying vulnerabilities in our web application. We are going to research and implement it.”

– Head of tech & creative teams
