Critical/High Severity Vulnerabilities Found In $1B Fintech Company


One of our clients is a leading developer of software applications for brokerages, banks, and electronic trading exchanges. They thoroughly test their applications and use numerous “defense-in-depth” security tools including next-gen firewalls, IDS/IPS, SIEM, automated vulnerability and malware tools.

What they lacked was Human Intelligence to correctly prioritize alerts/risks identified by the various tools to focus their security resources on fixing the true threats. They also did not emulate blackhat hackers attempting to exploit their systems, or test vulnerabilities together to escalate the severity level.


By combining Machine Learning crawlers with whitehat hacking, we found previously unknown:

• Account Takeovers
• Authentication Bypass
• Multiple XSS and CSRF vulnerabilities
• Insecure direct object references
• Token stealing and other logical security issues

We will prove the effectiveness of our methods to you in the results of a free 24-hour test.

Email us at  to avail the Free 24-Hour Pen Test Offer.

OK To Defer Low Severity Vulnerabilities?

Not if a black hat hacker can chain multiple low severity vulnerabilities together to create a criti ...


Does Static/Dynamic Testing Identify All App Vulnerabilities?

In a word, no. There are certain vulnerabilities that can only be identified with manual app testing, suc ...


Request our free 24-hour penetration test and get a vulnerability report.

  • Evaluate skills before any type of engagement with Appsecuri.
  • Level-1 Testing with manual approach in addition to static/dynamic.
  • Get a clear picture of root findings with mitigations in the report.
  • 90% of the time we find unknown hidden critical/high vulnerabilities.
