appsecuri

Billion Dollar Platform

Business Background

The client is considered one of the leading developers of software applications for brokerages, banks, and exchanges. Their platform supports high-speed trading operations and stock analysis.

Today, they partner with nearly a thousand of the largest financial institutions from around the world. The platform performs millions of transactions every day, and they have a community of millions of users developing their own code to create automated trading algorithms.

The Challenge

Because the platform serves millions of users and handles billions of transactions, the client had already engaged many vendors to security-test their software.

The client was using a web application firewall, WebSockets for live streaming and a secure tunnel for transaction execution. This was the challenging part for our researchers. As the application is developed for third-party customers, such as banking and currency trading companies that build their own applications on top of it, it was important that all code and components be free of any identified critical or high-severity vulnerabilities that might lead to a compromise of the application.

The Solution

The Appsecuri team applied its Machine Learning and Human Intelligence approach to security testing. Using Appsecuri's multithreaded built-in scanner and other in-house tools, we performed the Web Application Security Reassessment. Key highlights of the assessment are below:

  • Functional mapping of the entire environment, including subdomains, the Windows app and the mobile application, through various intelligence tools. All endpoints and hidden parameters were identified.
  • Functional mapping of all the customer integrations, including the mobile app, Windows app and web portal, which are all interlinked.
  • Special attention was given to areas involving financial transactions and storage of sensitive customer information.
  • Intelligent vulnerability scanning by our elite team of ethical hackers, following the checks listed in the OWASP verification standard plus Appsecuri Extras (advanced algorithms with Appsecuri's more than 1000 test cases).
  • Vulnerability correlation and removal of false positives.
  • Leveraged the known vulnerabilities to further penetrate the client's application architecture and identify the true impact of the vulnerabilities.
  • Report generation.
  • Retest after fix.

The Deliverables

  • Daily and weekly status reports.
  • Comprehensive information, proof-of-concept examples and detailed exploitation instructions for all the threats and vulnerabilities identified.

Outcomes

  • Reduced security breach risks.
  • Reduced risk of reputational damage and associated costs.

Benefits

By conducting thorough security tests and identifying high-severity vulnerabilities, Appsecuri reduced the client's risk exposure in a climate where banking regulatory bodies are taking an extremely strict approach to security.

Additionally, the client gained the following benefits:

Risk Benefits: Appsecuri discovered 10 critical security issues. Appsecuri also minimized security risks by assessing the customer's infrastructure vulnerabilities and recommended solutions based on proven methods to enhance security.

Cost Savings: Appsecuri suggested cost-effective risk-mitigation measures, based on the customer's business requirements, that would ensure the security and continuity of the business.

Customer Satisfaction: The Web Application Security Assessment was conducted with minimal interruption to and damage across customer systems while identifying security vulnerabilities, their impacts and potential risks.

Compliance: As an added bonus, the client was able to use the information gained from this Web Application Security Assessment to more easily obtain industry certifications and provide a higher level of service to its customers.

Industry

  • Financial Services

Challenge

  • Provide data protection and customer privacy
  • Prevent targeted fraudulent and illegal activities
  • Protect brand image

Vulnerabilities Found

  • Account takeovers
  • Authentication bypass
  • Multiple XSS and CSRF vulnerabilities
  • Insecure direct object references
  • Token stealing and other logical security issues