Business Social Network "Best Retailer" Security Audit

Executive Summary

A business network for creating contacts and a virtual marketplace, designed for people by people. The network helps users find new contacts, advertise their products and offer their services.

Key challenges and actions for project completion

The main objective of the project was functional and cross-browser testing, to ensure that the web application operates correctly across multiple browsers.

Our mission was to ensure stable cross-browser rendering and functionality on all pages of the website, and a high overall quality of the website.

We also conducted usability testing to make the application more efficient to use and to reduce the learning time for end users.

During the security audit, the application was checked against the vulnerability classes defined in the Web Application Security Consortium (WASC) Threat Classification.

We checked the following classes of vulnerabilities:

  • Authentication, which includes subclasses: Brute Force, Insufficient Authentication, Weak Password Recovery Validation.
  • Authorization, which includes subclasses: Credential / Session Prediction, Insufficient Authorization, Insufficient Session Expiration, Session Fixation.
  • Client-side Attacks, which include subclasses: Content Spoofing, Cross-Site Scripting (XSS), HTTP Response Splitting, as well as Cross-Site Request Forgery (CSRF).
  • Command Execution, which includes subclasses: Format String Attack, CRLF Injection, OS Commanding, SQL Injection, SSI Injection, XPath Injection.
  • Information Disclosure, which includes subclasses: Directory Indexing, Web Server / Application Fingerprinting, Information Leakage, Path Traversal, Predictable Resource Location.
  • Logical Attacks, which include subclasses: Abuse of Functionality, Denial of Service, Insufficient Anti-automation.

Type of testing completed

Functional testing, cross-browser testing, usability testing, security audit

Key benefits for customer

  • Detailed analytical report, which provides an independent and objective assessment of the actual state of your information security

Project team

1 QA leader, 2 test engineers

QA duration

Over 800 man-hours
