VST

Security Testing for Campaign Management Web Application

CONTEXT

A US-based bank sought to conduct Dynamic Application Security Testing (DAST) on its campaign management web application using a structured Vulnerability Management Process. The application was developed using ASP.NET MVC, a framework by Microsoft, and had four distinct user roles and logins.

Challenges

Solution

  • Conducted both automated and manual Vulnerability Assessment and Penetration Testing (VAPT) to identify security vulnerabilities.
  • Created video Proof of Concepts (POCs) for all identified security threats during attack simulations.
  • Mapped the entire website, documenting each URL and parameter passed to ensure a comprehensive security assessment.
  • Executed the security assessment with minimal interruption to the business, identifying vulnerabilities, their impacts, and potential risks.
  • Used tools such as Burp Suite, Acunetix, Netsparker, Tenable Nessus, Nikto, and IronWASP to detect security vulnerabilities.
  • Performed a code review in collaboration with the development team to validate and remediate vulnerabilities directly.

Value Delivered

  • Identified and mitigated all security vulnerabilities while reducing false positives through manual verification.
  • Provided detailed information, proof of concept examples, and exploitation instructions for all identified threats.
  • Developed a centralized vulnerability tracker in Excel to help the IT asset owner monitor vulnerabilities, remediation status, and action items.
  • Implemented a centralized dashboard for managing vulnerabilities, along with a task force team for overseeing the entire security management activity.
  • Followed OWASP guidelines for conducting the Web Application Security Assessment.
  • Established a risk rating system based on organizational Standard Operational Procedures.
  • Provided an overview of the engagement, outlining discovered vulnerabilities and recommendations for mitigation.