Overview
Our client is a leading esports tournament organiser operating in Asia and other regions. The client offers services across the esports industry, including tournaments, events, influencer programmes, content, marketing and activations, and its highly skilled team makes every esports tournament a distinctive event. To date, the client has worked with international brands including Alienware, Airtel, Corsair, Dsport and ESL.
Client Requirement
- The client wanted a team to analyse the security of their new web application, which had been built with the latest versions of its development tools.
- The newly built web application was not fully secure and contained a large number of bugs.
- Some of these were severe security bugs. Because the application already had many users, the client was concerned about data theft.
- No security patches had been applied to the web application, and because it integrated with several different portals, the likelihood of a threat being realised was high.
- The client therefore wanted to hire professionals with experience in performing VAPT (Vulnerability Assessment and Penetration Testing) on web applications.
- The client wanted the web application's issues resolved within a limited timeframe and the application secured against these threats.
- The client was looking for the best VAPT service provider in India and contacted us for a solution.
Risk and Vulnerabilities Found
During testing, we found the following risks:
1. Insecure direct object references (IDOR)
2. Content-Security-Policy Missing
3. Brute Force Protection Not Implemented
4. Internal Path Disclosed
5. Server Banner Disclosed
6. Improper Session Handling (Session does not expire after password change)
7. SQL injection
8. Vulnerable and Outdated Components
9. No rate limiting
10. Unrestricted File Upload
How did ECS Provide a Solution?
We provided a complete solution to our client. ECS delivers its solution in three phases:
- Planning Stage: We gathered information about the client's web application and identified the threats it faced. Our team then prepared a detailed plan and estimated the time required to resolve the vulnerabilities found in the application, such as IDOR.
- Execution Stage: To resolve the vulnerabilities in the client's web application, our ECS experts fixed each finding, working with tools such as Burp Suite, Nessus, Wappalyzer and SQLMap.
- Reporting Stage: In this stage, we prepared a detailed report describing how the VAPT was performed on the client's web application and listing every patch applied against the application's vulnerabilities.
Results
- The vulnerabilities in the web application were fixed within the agreed timeframe.
- All fixes were completed by the given deadline.
- A data-security patch was applied to correct the defects in the web application's code.
- We also found and corrected some further critical errors, leaving the web application free of the issues identified.
Conclusion
At ECS, we do not only perform the VAPT: we also prepare a detailed plan that includes audit details, and we retest the application after patching to confirm that the fixes are in place and that the application's functionality still works.
We provide day-to-day reports during the engagement and submit a detailed final report to the client at the end of the work. We successfully secured the web application against potential data theft and resolved the errors found.