Case Study

Auto MobileApp

Testing solution for a vehicle rental mobile app that lets auto dealers, fleets, and other vehicle owners (Owners) provide vehicles to drivers (Renters), including those who drive for Uber/Lyft, in the rideshare and Transportation as a Service (TaaS) industry.

Challenges

Some of the vulnerabilities that surfaced during our pentest:

  • Insecure data storage
  • Insufficient cryptography
  • The usesCleartextTraffic attribute is enabled (cleartext network traffic allowed)
  • Task Hijacking
  • Untrusted External Storage File Access
  • Information leakage

Remediate

We identified potential network-attack paths by which individuals outside the application, lacking appropriate rights or credentials, might gain access through internet-connected servers or network equipment.

We then conducted a mock attack to test the security controls, and developed and presented a cybersecurity assessment covering findings, solutions, and recommendations that the application team can use to remediate the issues.

  • We started by performing reconnaissance over the span of several days to assess potential vulnerabilities from all angles.
  • Next, we put ourselves in potential attackers' shoes to determine overall risk and valuation.
  • Based on what we know about current capabilities, strategies, techniques, and tools, we documented the digital assets that are at risk.
  • We then prioritized that risk based on the net asset value that would be lost should a loss event occur.
  • To put our findings to the test, we simulated ethical hacking attacks focused primarily on high-value target assets.
  • Those tests were customized to align with the application's environment, vulnerabilities, and technologies.
  • Findings were prioritized and compiled into our recommendations to help the team focus resources on the areas that could mitigate the most significant potential loss.

Deliverables

A comprehensive report documenting all identified gaps, deficiencies, and vulnerabilities in detail. The final report included the topics listed below.

  a) Executive Summary: A summary of the scope, approach, findings, and recommendations.
  b) Core Findings along with Risk Analysis: A view of the core findings along with screenshots.
  c) Detailed Findings: The observations are thoroughly examined and categorized as Critical or Non-Critical. Furthermore, the risk associated with each observation is assessed and classified as Very High, High, Medium, or Low, depending on its potential impact.
  d) In-depth analysis of findings / Corrective Measures & Recommendations along with Risk Analysis.
  e) Suggestions and Best Practices.