Leading Fin-Tech platform performs application security testing for secure payments
Industry
Fin-Tech
Services
Security Testing
Client Overview
A leading Dubai-based Fin-Tech organization specializing in B2B transactions and merchant-based payment systems.
Problem Statement
To enable secure and fast online transactions.
To securely manage the merchant-based payment system.
To maintain secure transactions through the e-Wallet.
To establish secure EMI-based e-Payment.
To implement strong password policies to avoid insecure password transmission and storage.
To check the integrity of third-party vendors.
Tech Stack
Solution Approach
Through manual and automated analysis of the target, we found multiple vulnerabilities in the payment gateway service, the merchant management system, and a few third-party vendors.
Detailed reports were provided along with recommendations.
A few other things to consider:
Perform a proper VAPT assessment before deploying new services.
Secure coding guidelines have to be followed.
Benefits
Upon manual and automated analysis of the target, we managed to find 3 critical, 9 high, 11 medium, and 4 low severity issues.
Our team provided recommendations along with proofs of concept for the vulnerabilities.
Our security team found a few business logic vulnerabilities that can cause a huge amount of financial loss and allow an attacker to pay someone without paying the actual amount.
We identified that a few sensitive endpoints had no proper access control mechanism, and attackers could use those endpoints to obtain bank details, user email addresses, and other PII.