The Company was gearing up for a public launch and needed a comprehensive penetration test to confirm that their top-up system was secure and trustworthy for new users.
To achieve ISO 27001 certification, they required a thorough security audit aligned with industry standards and best practices.
Conducted a Grey Box pentest over one month (from asset gathering to final reporting) using the OWASP Web Security Testing Guide (WSTG) as a framework.
Incorporated automated Vulnerability Assessment tools like Nessus for a two-week scan, followed by remediation by the Company’s tech team and a final retest by Peris.ai.
Provided admin-level access to thoroughly test all website features and identify any potential bugs or system flaws.
Delivered a Final Report compiling all findings, their severity levels, and actionable remediation steps.
Through thorough testing and strategic investment, we successfully prevent vulnerabilities in systems, websites, and infrastructures. For example:
An IDOR (Insecure Direct Object Reference) was found in the voucher retrieval endpoint; catching it prevented unauthorized users from accessing others' voucher codes.
We detected a missing rate limit on an API endpoint, which could have allowed brute-force attacks and excessive server load. By addressing this, we enhanced system security and stability.
Pandava is Peris.ai’s cutting-edge platform for Vulnerability Assessment & Penetration Testing (VAPT), designed to systematically identify, analyze, and remediate security risks in digital infrastructures.