India's Largest Airlines - VAPT

Cloud Cost Optimization

Customer Challenge

With rapidly growing threats in aviation industry, Air India was looking for a trusted and strong info sec partner for their web application security and info security roadmap development. With the growing demands of w eb and mobile
applications, Technology team at Air India wanted to outsources their application security to someone who should be capable enough. Some of their requirements has mentioned below.

India's Largest Airlines signs up for WebApp Vulnerability Assessment with Tesseract Global

About Customer

The Airline is the largest international carrier out of India with an 18.6% market share and also the flag carrier airline of India. A governmentowned enterprise, and operates a fleet of Airbus and Boeing aircraft serving 94 domestic and international destinations.

Challenges

With rapidly growing threats in aviation industry, the Airline was looking for a trusted and strong infosec partner for their web application security and
info security roadmap development.
With the growing demands of web and mobile applications, Technology team wanted to outsources their application security to someone who should be
capable enough. Some of their requirements has mentioned below.

  • Routine evaluation of security vulnerabilities
  • Delivering GAP analysis technical and business reports
  • Assisting in-house developers for code fix and validation
  • Delivering quaterly security and business analytics report

Solutions

After analyzing the platform in detail, involving the source code review and several APIs, Tesseract Global proposed a full-stack web application vulnerability assessment. It is performed with four several aspects and mentioned as below:

Application

Cross-site scripting
Week input validation
Zero-day exploits
Vulnerable libraries
Privilege escalation
Brute force attacks

API

Broken authentication
Lack of access control
Key leakage
Insecure transport
Injection flaw
Session management
Tampering and trust flaws

Web Server

Platform vulnerabilities
Cross-site scripting
forgery
Weak input
validation
Brute force attacks

Database

SQL injection
Privilege escalation
OS command execution
Data dumping

Introduction

Objective of the assessment
Scope of the assignment
Standard followed
Duration of the assignment

Management Summary

High level findings
high-level recommendation
Analytical and graphical summary

Technical Report

Vulnerability discovered
CVE rating with details
Mitigation recommendations

Conclusion

Summary of report
Immediate actions

Team Tesseract has been very much professional from taking them onboard till the completion of the project. The diagnosis report helped us to cover some of the most critical security

– Head of Security issues.

Benefits

The Airlines find themselves succeeded in harnessing the benefits of full-stack web application vulnerability
assessment with higher degree of security and better piece of mind. The IT and Security team are now confident about their platform, critical vulnerabilities and mitigation techniques. Management team
gets a summarized report with current security risk of their online platform, helping them for better decision making and proper security investment.

About Tesseract Global

Tesseract Global is a leading cloud services and cybersecurity solutions provider by leveraging years of global and best-in breed technology experience.For more information about Tesseract Global services, go to: www.tglobal.tech

How can we help you?

Contact us at the Consulting WP office nearest to you or submit a business inquiry online.