Futurism Technologies helps an Investment Advisory firm to secure the investment portfolio management system against cyber-attacks

A specialized investment advisory consultancy firm with a global presence has developed a web application that allows customers to access their investment portfolio.
- The platform was built on open source technologies and was subjected to repeated hacking, thereby leading to business shutdown and loss of sensitive data.
- The customer worked with Futurism Technologies to define proactive steps to validate the security controls of the application and infrastructure. This decision was made considering the vulnerability of web applications, the importance of data, and trends in IT security management.
- During the VAPT (Vulnerability Assessment and Penetration Testing), we found several security vulnerabilities in the web application, such as SQL injections, cross-site scripting, etc. The critical fault was ‘Insecure file upload’, which allowed an exploit script to be uploaded, giving the user complete read-write access to the confidential database.
- SQL Injection
- Penetration Testing Tools
- Evaluate weaknesses of the overall solution from a security point of view (RA)
- Analysis of architectural and system configuration
- Gap analysis for identification of vulnerabilities
- Assessment for penetration testing (VAPT)
- SSH and SSL attacks (Man in the Middle) and Brute Force tests on proprietary protocol
- Open Ports and Vulnerability Scanning; Patch Auditing
- Web interface vulnerability scan and SQL Injection
- Robustness tests on SIP and HTTP interfaces
- Assessment reporting with security improvement recommendations