Client Story

Providing a Complete Application Test

Summary

We completed tests of a new product’s web and mobile applications, helping the client improve their products and providing the third-party assurance that potential enterprise customers want to see.

Client need

We completed two application tests for a relatively new-to-market company. They had a web application and a cross-platform mobile application, and as their customer base was growing, they needed to complete third-party security testing.

What we did

We completed tests of both applications, following our typical OWASP-aligned testing processes. The mobile application test was complemented by reviewing key parts of the source code, as that was the quickest way to check platform-specific functionality.

Our testing revealed one high-risk vulnerability that was relatively easy to fix. Users from one organisation could access the resources of other organisations: a classic cross-organisation resource access vulnerability. We also found potential issues in file upload functionality, and inconsistencies in how their API worked.

Client benefit

These findings helped them lock down their apps against external attacks, and the engagement satisfied their third-party testing requirements.