Business Social Network "Best Retailer" Security Audit

A business network for making contacts and a virtual marketplace, designed for people by people. The network helps users find new contacts, advertise their products and offer their services.

The main objective of the project was functional and cross-browser testing, to ensure that the web application operates correctly across multiple browsers.

Our mission was to ensure stable cross-browser rendering and functionality on every page of the website, and a high overall quality of the website.

We also conducted usability testing to increase the efficiency with which the application is used and to reduce the learning time for end users.

During the security audit, the classes of vulnerabilities defined by the Web Application Security Consortium (WASC) were checked.

We checked the following classes of vulnerabilities:

  • Authentication, which includes the subclasses Brute Force, Insufficient Authentication and Weak Password Recovery Validation.
  • Authorization, which includes the subclasses Credential / Session Prediction, Insufficient Authorization, Insufficient Session Expiration and Session Fixation.
  • Client-side Attacks, which include the subclasses Content Spoofing, Cross-Site Scripting (XSS) and HTTP Response Splitting, as well as Cross-Site Request Forgery (CSRF).
  • Command Execution, which includes the subclasses Format String Attack, CRLF Injection, OS Commanding, SQL Injection, SSI Injection and XPath Injection.
  • Information Disclosure, which includes the subclasses Directory Indexing, Web Server / Application Fingerprinting, Information Leakage, Path Traversal and Predictable Resource Location.
  • Logical Attacks, which include the subclasses Abuse of Functionality, Denial of Service and Insufficient Anti-automation.