appsecuri

SaaS Based Startup


Business Background

The Client is a funded startup providing a SaaS incident management platform utilizing deep learning and pattern matching algorithms to shrinkage for retail outlets.

The Challenge

As the platform was used by big Retailers and include sensitive data, it must be assured that the infrastructure must be free from any type of low or high severity issues including newly released CVE IDs and the latest vulnerabilities for all components used in the infrastructure.

The Solution

By using Appsecuri's uniquely developed framework and tools, the consultants completed a full Network Security assessment. Key highlights of the security assessment are as below:

  • Performed expansive scans to assess computer systems, networks and applications for weaknesses.
  • Performed targeted scans and manual investigation to validate the vulnerabilities.
  • Identified various infrastructure components susceptible to penetrations.
  • Used tools for testing (or investigation) and validated vulnerabilities.
  • Ranked the vulnerabilities based on the threat level, potential loss, and likelihood of exploitation.
  • Recommended solutions for issues identified.
  • Manually reviewed findings and finalised report to client.

The Deliverables

  • Daily Status Reports and Weekly status reports.
  • Comprehensive information, proof of concept examples and detailed Exploitation instructions of all the threats and vulnerabilities identified.

Outcomes

  • Reduced security breach risks.
  • Reduced risk of damage to reputation and associated costs.

Benefits

By conducting thorough security tests and identifying vulnerabilities, Appsecuri reduced the Client's risk additionally; the Client gained the following benefits:

Risk Benefits: Appsecuri has discovered 5 Medium security Issues, 2 Low severity issues. Appsecuri minimized security risks by trying all the test cases of infrastructure related vulnerabilities as well as checks for latest CVE ID related vulnerabilities and recommended solutions with proven methods to enhance security.

Cost Savings: Appsecuri suggested cost-effective risk-mitigation measures based on the customer’s business requirements that would ensure security and continuity of the business.

Customer Satisfaction: Network Security Assessment was conducted with minimum interruption and damage across customer systems to identify security vulnerabilities, impacts and potential risks.

Compliance: As an added bonus, the Client was able to utilize the information gained from this Network Security Assessment to easily gain industry certifications and provide a higher level of service to its customers.

Industry


  • Information Technology & Services

Challenge


  • Huge dataset with confidential customer information
  • Distributed, global workforce
  • Protect against constantly evolving and insider threat

Vulnerabilities Found


  • Information Leakage
  • Beast vulnerability
  • Lucky 13 vulnerability
  • Sweet 32 Vulnerability
  • SMTP Service Cleartext Login Permitted
  • Outdated Version of OpenSSH
  • SMTP User Enumeration
  • RPC accessible over Internet
Here you'll find all the latest industry news and research by the experts at Appsecuri.

name


email


phone


message


Congratulations. Your message has been sent successfully.
Error, please retry. Your message has not been sent.

Request our free 24-Hour penetration test and get vulnerability report.


  • Evaluate skills before any type of engagement with Appsecuri.
  • Level-1 Testing with manual approach in addition to static/dynamic.
  • Get a clear picture of root findings with mitigations in the report.
  • 90% of the time we find unknown hidden critical/high vulnerabilities.



Leave a Reply

Your email address will not be published.


Comment


Name

Email

Url