Software Development

A customer produces web-based software, for the management of environmentally relevant measurement data. As the data is critical for the end customer, the software manufacturer wants to verify that no unauthorized access is possible. The Securai was commissioned to perform a web application penetration test.

The assessment starts after a preliminary discussion, which clarifies the aims of the penetration test. The experts of the Securai follow the OWASP Top Ten, the OWASP ASVS as well as an in-house checklist to systematically identify vulnerabilities in the application.

It was possible to identify multiple vulnerabilities, some of which were critical. Among other things, an arbitrary remote code execution on the web server was discovered and the authorization management could be bypassed. The customer used the results to secure their software. The subsequent retest verified that the vulnerabilities were correctly closed.