The client is a multinational insurance firm with more than $1 billion in annual turnover. It provides consumer insurance services including life, health, property and casualty insurance, as well as investment management. The application in scope was intended for India-based branches only and was used internally by employees to add, update and delete insurance policies.
Penetration testing of the application before its release.
The main challenge our team faced was a short testing window: the client had a hard deadline to move the application into production. Because the application held highly sensitive customer data and exposed a portal through which internal teams could add, change and delete user policies, it was essential that the portal be free of any high-severity vulnerability that could lead to its compromise.
Key highlights of the security assessment are as below:
Functional mapping of the entire portal, including all endpoints and hidden parameters.
Assessment of the efficiency of the anti-DDoS solutions.
Special attention was given to the authentication and database components, as well as to zero-day vulnerabilities.
Intelligent test automation, the industry's most advanced logical testing approach, and intelligent vulnerability scanning by our elite team of ethical hackers, following the checks listed in the OWASP verification standard plus Appsecuri extras.
Vulnerability correlation and removal of false positives.
Leveraged the known vulnerabilities to penetrate further into the client's application architecture and identify the true impact of each vulnerability.
Retest after fix.
Daily and weekly status reports.
Comprehensive information, proof-of-concept examples and detailed exploitation instructions for all threats and vulnerabilities identified.
Reduced security breach risks.
Reduced risk of reputational damage and associated costs.
By conducting thorough security tests and identifying high-severity vulnerabilities, the client gained the following benefits:
Risk benefits: Appsecuri discovered 4 critical and 8 high-severity issues. Appsecuri also minimized security risks by assessing the customer's infrastructure vulnerabilities and recommended solutions based on proven methods to enhance security.
Speedy service: the client was particularly impressed by how soon Appsecuri could carry out the penetration test and how quickly the reports were delivered.
Cost savings: Appsecuri suggested cost-effective risk-mitigation measures based on the customer's business requirements, ensuring security and continuity of the business.
Customer satisfaction: the web application security assessment was conducted with minimum interruption to and impact on customer systems while identifying security vulnerabilities, their impact and potential risks.
Compliance: as an added bonus, the client was able to use the information gained from this web application security assessment to obtain industry certifications more easily and provide a higher level of service to its customers.
Gain complete visibility into network
Protect against sophisticated and rapidly evolving cyber-attacks
Data accessible without authorization/authentication
Application was vulnerable to CSRF attacks
Application was vulnerable to HTML injection/XSS
DMARC and SPF records missing
SSL not enforced
Header-based protections missing
CORS bypass and other logical security issues
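The findings above are listed by title only. As an added example (not part of the case study and not Appsecuri's tooling), the following Python check inspects a captured HTTP response for the header-related issues in that list: missing header-based protections, SSL not enforced on the browser side (no HSTS), CORS that reflects an untrusted origin while allowing credentials, and session cookies without the SameSite and Secure attributes that leave a portal open to CSRF and plaintext transport. The sample responses, origins and cookie values are constructed for illustration, and the allowed-origin list is an assumption about the portal's intended consumers.

```python
"""Added example: response-header review for the findings named above.
All responses, origins and cookie values below are constructed."""
from email.message import Message  # tolerant of repeated Set-Cookie headers

# Header-based protections a hardened portal response is expected to carry.
EXPECTED_HEADERS = {
    "Strict-Transport-Security": "HTTPS not enforced in the browser (no HSTS)",
    "Content-Security-Policy": "no CSP to limit injected script/HTML (XSS)",
    "X-Frame-Options": "page can be framed (clickjacking)",
    "X-Content-Type-Options": "MIME sniffing not disabled",
}


def check_response(headers, request_origin, allowed_origins):
    """Return a list of finding strings for one HTTP response.

    headers:         list of (name, value) pairs as sent by the server
    request_origin:  the Origin header the client sent, so a reflected
                     value can be told apart from a deliberate allowlist
    allowed_origins: origins the portal legitimately serves (assumption)
    """
    msg = Message()
    for name, value in headers:
        msg[name] = value  # Message appends, so duplicates are preserved
    findings = []

    for name, why in EXPECTED_HEADERS.items():
        if msg.get(name) is None:
            findings.append(f"missing {name}: {why}")

    # CORS: a wildcard or a reflected, non-allowlisted origin combined with
    # credentials lets any site read authenticated responses.
    acao = msg.get("Access-Control-Allow-Origin")
    creds = (msg.get("Access-Control-Allow-Credentials") or "").lower() == "true"
    if acao == "*" and creds:
        findings.append("CORS: wildcard origin with credentials")
    elif acao and creds and acao == request_origin and acao not in allowed_origins:
        findings.append(f"CORS: untrusted origin {acao} reflected with credentials")

    # Cookies: without SameSite a cross-site form post carries the session
    # (CSRF); without Secure the cookie can travel over plain HTTP.
    for cookie in msg.get_all("Set-Cookie", []):
        attrs = [part.strip().lower() for part in cookie.split(";")]
        cname = attrs[0].split("=", 1)[0]
        if not any(a.startswith("samesite=") for a in attrs[1:]):
            findings.append(f"cookie {cname}: no SameSite attribute (CSRF)")
        if "secure" not in attrs[1:]:
            findings.append(f"cookie {cname}: no Secure flag")
    return findings


# Constructed sample responses: one resembling the findings, one hardened.
ALLOWED = {"https://portal.example.internal"}
UNTRUSTED_ORIGIN = "https://attacker-site.example"

WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Access-Control-Allow-Origin", UNTRUSTED_ORIGIN),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
]

HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("X-Frame-Options", "DENY"),
    ("X-Content-Type-Options", "nosniff"),
    ("Access-Control-Allow-Origin", "https://portal.example.internal"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}:")
        for finding in check_response(resp, UNTRUSTED_ORIGIN, ALLOWED) or ["no findings"]:
            print("  -", finding)
```

The check is deliberately conservative: it only reports a reflected origin when credentials are also allowed and the origin is outside the assumed allowlist, which is the combination that actually exposes authenticated portal data. The SPF/DMARC finding in the list is a DNS matter and is not covered here.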
Request our free 24-hour penetration test and receive a vulnerability report.
Evaluate our skills before any type of engagement with Appsecuri.
Level-1 testing with a manual approach in addition to static/dynamic analysis.
Get a clear picture of root findings, with mitigations, in the report.
90% of the time we find unknown hidden critical/high vulnerabilities.