Web application security assessment for a wellness services company

Client need

Ensuring security of web application

Our client, a prominent provider in the wellness services industry, wanted to verify the robustness and security of its web application platform. It had recently built a backend-to-backend REST interface for its software and wanted assurance that the interface was free of vulnerabilities, particularly given the sensitive nature of the data it processes.

The client sought a comprehensive security assessment of the web portal application and its interfaces, with particular focus on the risk categories described in the OWASP Top 10.

We delivered

Gray box security assessment

Fraktal's team of cybersecurity experts used a gray box testing model, in which the testers were given partial knowledge of the system (such as documentation and test credentials) and worked closely with the client's technical team. The assessment was conducted in a staging environment so that testing could not disrupt the live service.

Reporting the findings

After presenting our findings, we worked with the client's technical team, providing detailed remediation steps and best practices for each vulnerability. This proactive approach and the actionable guidance enabled the client to harden its web service and provide a safer environment for its end users.

Additional recommendations

Beyond the critical vulnerabilities, our team also provided recommendations for long-term security improvements, such as:

  • Strengthening the user password policy so that passwords meet robust criteria (for example, a minimum length and rejection of common passwords).
  • Requiring users to re-authenticate (enter their current password) before changing their email address.
  • Implementing a verification step for new email addresses, so that an address is confirmed before it becomes the account's contact address.
  • Proposing security hardening measures specifically tailored to the client's web application platform.
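The three account-security recommendations above (password policy, re-authentication before an email change, and verification of the new address) fit together as one flow. The following Python code is an added illustration of that flow and is not the client's code or part of Fraktal's deliverable; the `User` record, the in-memory pending-change fields, the function names and the small common-password denylist are all hypothetical stand-ins for a real user store and breached-password check.

```python
"""Added illustration of the email-change and password-policy recommendations.

Not the client's or Fraktal's code: the User record, function names and the
COMMON_PASSWORDS denylist are hypothetical stand-ins for a real user store.
"""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

PBKDF2_ITERATIONS = 600_000      # OWASP's recommended floor for PBKDF2-HMAC-SHA256
MIN_PASSWORD_LENGTH = 12
MAX_PASSWORD_LENGTH = 128
TOKEN_TTL_SECONDS = 15 * 60      # verification link is valid for 15 minutes
# Constructed denylist; a real service would check a breached-password corpus.
COMMON_PASSWORDS = {"password", "password123", "123456789012", "qwertyuiop12"}


def check_password_policy(password: str) -> List[str]:
    """Return the policy violations for a candidate password (empty list = OK)."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if len(password) > MAX_PASSWORD_LENGTH:
        problems.append(f"longer than {MAX_PASSWORD_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


@dataclass
class User:
    email: str
    salt: bytes
    digest: bytes
    pending_email: Optional[str] = None
    pending_token_hash: Optional[str] = None   # only a hash of the token is stored
    pending_expires: float = 0.0


class EmailChangeError(Exception):
    """Raised when the caller fails to re-authenticate."""


def request_email_change(user: User, current_password: str, new_email: str,
                         now: Optional[float] = None) -> str:
    """Step 1: re-authenticate, then issue a one-time token for the NEW address.

    The account's email is not touched until the token is confirmed. In a real
    service the token would be emailed to new_email; it is returned here so the
    flow can be exercised offline.
    """
    if not verify_password(current_password, user.salt, user.digest):
        raise EmailChangeError("re-authentication failed")
    token = secrets.token_urlsafe(32)
    user.pending_email = new_email
    user.pending_token_hash = hashlib.sha256(token.encode()).hexdigest()
    user.pending_expires = (now if now is not None else time.time()) + TOKEN_TTL_SECONDS
    return token


def _clear_pending(user: User) -> None:
    user.pending_email = None
    user.pending_token_hash = None
    user.pending_expires = 0.0


def confirm_email_change(user: User, token: str, now: Optional[float] = None) -> bool:
    """Step 2: the link in the verification email calls this with the token."""
    if user.pending_email is None or user.pending_token_hash is None:
        return False
    if (now if now is not None else time.time()) > user.pending_expires:
        _clear_pending(user)             # expired tokens are discarded, not retried
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, user.pending_token_hash):
        return False                     # wrong token: leave the pending request alone
    user.email = user.pending_email      # only now does the new address take effect
    _clear_pending(user)
    return True


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple!")
    alice = User(email="alice@example.com", salt=salt, digest=digest)
    token = request_email_change(alice, "correct horse battery staple!", "alice.new@example.com")
    print("pending:", alice.pending_email, "confirmed:", confirm_email_change(alice, token))
    print("email now:", alice.email)
```

The two checks that matter from an assessment standpoint are that a request without the correct current password changes nothing (so a hijacked session alone cannot redirect password resets to an attacker's address), and that the stored email only changes once the holder of the new address proves control of it within the token's lifetime.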

Technologies and methods

OWASP WSTG

Our experts follow the OWASP Web Security Testing Guide (WSTG) to provide consistent, high-quality testing services.

OWASP Top 10

OWASP Top 10 is a standard awareness document for developers and web application security practitioners. It forms the starting point for most web application penetration testing assignments.