Case Study

WordPress Web

WordPress website testing solution for a company that offers a unique model of combining technology partnership, incubation, and domain/tech acceleration capabilities for founders. 

Challenges: 

As a highly reputed company, the client wanted its website and cloud data to be secure and available at all times. The client also wanted to make sure that the website was free from OWASP Top 10 vulnerabilities. Our challenge was to test the website for OWASP Top 10 vulnerabilities and to fix all possible threats as per international standards within the stipulated time.

Solution:

We started with black box and white box penetration testing of the entire website and cloud infrastructure, based on industry-centric security checklists. The testing found many vulnerabilities in both the website and the cloud infrastructure, which we categorized as critical, high, medium, or low according to their severity. We created detailed reports for addressing the vulnerabilities, with proofs of concept. Almost all of the vulnerabilities identified were related to insecure coding practices. We therefore assigned each severity level a time frame within which issues of that severity should be fixed. During that period, our team frequently supported the developers so that the issues could be fixed quickly. After the fixes were completed, our team re-audited the website and cloud infrastructure to check whether the fixes had been applied correctly.

Deliverables:

A comprehensive report documenting all identified gaps, deficiencies, and vulnerabilities in detail. The final report included the topics listed below.

  a) Executive Summary: A summary of the scope, approach, findings, and recommendations.
  b) Core Findings along with Risk Analysis: A view of the core findings along with screenshots.
  c) Detailed Findings: The observations are thoroughly examined and categorized as Critical or Non-Critical. Furthermore, the risk associated with each observation is assessed and classified as Very High, High, Medium, or Low, depending on its potential impact.
  d) In-depth Analysis of Findings / Corrective Measures & Recommendations along with Risk Analysis.
  e) Suggestions and Best Practices.