Case Studies

Significantly reduced vulnerabilities in a fleet management system based on OWASP standards, and set up automated scans with API testing

Conquered on: 03.09.2021

About the client

The client is a provider of a fleet management application.

  • The client wanted to test the fleet management system, which consists of a web application and a set of APIs.
  • A secure application is required that contains no known vulnerabilities and carries no risk from potential threats.
  • A lot of data about drivers and the different user roles is stored in the database.
  • Port scanning is required to find out which ports on the network are open and could be receiving or sending data.
  • An OWASP Top 10 application security audit (manual and automated) of the web application is required.

The Challenge

Some of the pages, such as the profile and dashboard pages, were only partially developed for most of the user roles, so it was difficult to complete testing of the full web application effectively.

The scope of API testing was increased in the re-validation round.

The testing environment and API details were not provided as per the defined timelines, which pushed back the end date of the project.

The Solution

  • Gathered an understanding of the web application and the functioning of the APIs.
  • Set up the tools used for automated scans.
  • Explored potential threats by developing threat scenarios, and built a realistic view of the potential attacks using tools.
  • Performed a vulnerability assessment of the application and manual testing of the APIs.
  • Simulated penetration attacks from a gray-box perspective.
  • Executed multiple test cases for each OWASP vulnerability category.
  • Performed port scanning to find the open network ports.
  • Identified OWASP Top 10 vulnerabilities.
  • Re-validated the issues that were reported in Phase 1.
  • Ran automated scans of the application to re-validate the occurrence of the issues identified in Phase 1.

Services we offered

Security Testing | Test Automation

Outcomes

  1. During the detailed security testing (Phase 1), 4 medium-risk and 1 low-risk vulnerabilities were found.
  2. At the closure of re-validation (Phase 2), 3 medium vulnerabilities and 1 low vulnerability were fixed.
  3. 1 medium vulnerability was marked as an exception, which will be re-validated by the Intel development team.

Key Outcomes

80% reduction in vulnerabilities of the application