FinTech Leader signs up for WebApp Vulnerability Assessment

VAPT Web Application


FinTech Leader signs up for WebApp Vulnerability Assessment with Tesseract Global

About Customer

The customer is a Zurich-based FinTech company and multi-bank payment gateway provider. With more than 950,000 outlets globally, the company also accepts cash payments for leading mobile and landline operators, including MTS, MegaFon and many others in the CIS, Russia, India and Germany.

Challenges

The company runs multiple regional payment gateway platforms that handle mobile and other utility transactions. One of its most heavily loaded payment gateway platforms had been in operation for more than a decade. Software development and security testing were both performed by the in-house IT team. Despite quarterly security testing, the IT team observed a growing number of cyber threats and struggled to prioritize critical vulnerabilities from the rapidly growing global vulnerability databases. The company needed a trusted third-party security provider with strong cybersecurity skills and FinTech technology expertise to overcome its ongoing security challenges and to fulfil business needs such as:

  • Routine evaluation of security vulnerabilities
  • Delivering GAP analysis technical and business reports
  • Assisting in-house developers for code fix and validation
  • Delivering quarterly security and business analytics report

Solutions

After analyzing the platform in detail, including a review of the source code and several APIs, Tesseract Global proposed a full-stack web application vulnerability assessment. The assessment covered four aspects, listed below:

Application

Cross-site scripting
Weak input validation
Zero-day exploits
Vulnerable libraries
Privilege escalation
Brute force attacks

API

Broken authentication
Lack of access control
Key leakage
Insecure transport
Injection flaw
Session management
Tampering and trust flaws

Web Server

Platform vulnerabilities
Cross-site scripting forgery
Weak input validation
Brute force attacks

Database

SQL injection
Privilege escalation
OS command execution
Data dumping

Introduction

Objective of the assessment
Scope of the assignment
Standard followed
Duration of the assignment

Management Summary

High-level findings
High-level recommendation
Analytical and graphical summary

Technical Report

Vulnerability discovered
CVE rating with details
Mitigation recommendations

Conclusion

Summary of report
Immediate actions

It took around two weeks to complete the project and I found them very sophisticated and confident throughout the program. After the final report, we worked together to fix the vulnerabilities.

– Head of Security issues.

Benefits

The FinTech customer succeeded in harnessing the benefits of a full-stack web application vulnerability assessment, gaining a higher degree of security and better peace of mind. The IT team is now confident about its platform, its critical vulnerabilities and the mitigation techniques. The management team gets a summarized report of the current security risk of the online platform, which supports better decision making and proper security investment.

About Tesseract Global

Tesseract Global is a leading cloud services and cybersecurity solutions provider, leveraging years of global and best-in-breed technology experience. For more information about Tesseract Global services, go to: www.tglobal.tech
