Cutting-edge tech needs cutting-edge security
Credit Saison India built a robust app stack to store and handle their clients’ financial data, and use sophisticated analytics to manage their operations. Their engineering team used a decentralised microservices stack hosted on a scalable AWS cloud layer to handle a high volume of transactions.
The app needs to communicate constantly with third-party services, which meant we had to test the security and integrity of data in transit. To secure their internal APIs against brute-force attacks, we recommended they implement stronger SAML authentication across the board.
Our team also set up a regression suite, codifying the vulnerabilities we found into exploit automation scripts. These were included in Credit Saison’s build pipelines to test for vulnerabilities on every release.
Since the app had to pull in a lot of data from the ERP and supply chain systems, we45’s assessment focused on uncovering flaws that would allow for unauthorised access to data, or the manipulation of data in transit.
This was where our client saw their most serious security vulnerabilities, including unrestricted file uploads by users and lower-privilege users being able to access datasets they weren’t authorised for. Naturally, this wasn’t good for data confidentiality.
The company’s engineers worked quickly. By using randomly generated values to identify datasets in the backend, they remediated the vulnerabilities we’d identified, patching up the most critical ones first.