Banking Application Security Testing for Campaign Management Web Application
Campaign Management Web Application
Clients: Banking Application
Services: Security Testing
A US-based bank wanted to perform Dynamic Application Security Testing on its campaign management web application using a Structured Vulnerability Management Process.
The application, developed using ASP.NET MVC, follows the Model-View-Controller (MVC) architectural pattern, dividing the application into three primary components: the model, the view, and the controller.
Objective
The client’s key business goal was to provide a safe and secure online banking portal.
Ensuring the website was free from technical or design flaws while delivering a smooth banking experience was crucial.
The ASP.NET application utilized functionalities such as Authorization and Authentication, Master Pages, Data Binding, User Controls, Memberships, and ASP.NET Routing.
Solution
Conducted Vulnerability Assessment and Penetration Testing (VAPT) on the web application, covering four distinct user roles and logins.
Both automated and manual testing of the application were performed.
All suspected false positives from the automated scans were manually verified.
Security Assessment was carried out with minimal interruption and damage across customer systems to identify vulnerabilities, impacts, and potential risks.
Code Review was conducted to detect, validate, and remediate vulnerabilities directly with the development team.
A centralized dashboard was established to manage vulnerabilities, with a central task force team overseeing the entire activity.
Value Delivered
Captured video POCs of all security threats during the attack vector simulations.
Mapped the entire website’s functionality, including detailed information about URLs and parameters.
Provided detailed proof of concept examples and exploitation instructions for all identified threats.
Created an Excel Tracker for the IT asset owner to keep track of vulnerabilities, remediation status, and action items.
Conducted the Web Application Security Assessment according to OWASP Guidelines.
Defined risk ratings based on organizational Standard Operating Procedures.
Used tools such as Burp Suite, Acunetix, Netsparker, Tenable Nessus, Nikto, and IronWASP.
Delivered an overview of the engagement, vulnerabilities discovered, and recommendations to mitigate identified loopholes.