About the Client
CommLab India came into existence 20 years back – the result of synergy between two diametrically opposite people – a dreamer and a doer, with a background in management and training, and a shared hunger to succeed and help others succeed. In 2000, we had just one computer and a cramped office space but were never short on ideas.
Our vision was to empower employees and businesses worldwide with great learning – any time, any place, and later (when mobile technologies came on the scene), on any device as well. We are pleased to say that we were amongst the pioneers in eLearning worldwide, and along the years, have steadily gone up a steep learning curve ourselves, and as learning professionals, are committed to lifelong learning and helping others learn.
The Challenge
Web Application Penetration Testing
Rapid eLearning Solutions was facing Web-based application Security Challenge. They had to undergo a Web Application penetration testing to secure their Website. Our Web Application Penetration tester was asked to take up the challenge and secure the website by undergoing Web Application penetration testing.
Vulnerability discover -
- Forbidden Resource
- OPTIONS Method Enabled
The Solution
Indian Cyber Security Solutions was ready to perform the Web-based application penetration testing on their website. ISO 27001 lead auditor and Web Application Penetration tester were assigned to take up this challenge. The project was to be done in 3 stages and to be delivered within 15 working days.
The security assessment steps are as follows:
Stage 1:
The scope of work was defined by the client (AYSIT Solutions). The layout of the web application was share with Indian Cyber Security Solutions. NDA documents (Non-Disclosure-Agreement) signed between both the parties.
Stage 2:
Risk Management & Mitigation
The 2nd Stage of risk management and mitigation has started, evaluating the key assets involved in the web application such as firewalls, IDS, IPS, routers and others. Critical & High level vulnerabilities were found by Indian Cyber Security Solutions such as ‘Sql Injection‘.
Stage 3:
Rectification as per suggestion
The 3rd stage which is the most important stage of the project as the client was suggested the rectification from Indian Cyber Security Solutions and the client had to patch up vulnerabilities as per the suggestion. The AYSIT Solutions web Developers were able to find out solutions as per the suggestion mentioned by the Indian Cyber Security Solutions team.
Stage 4:
Final Assessment and
VAPT project submission
At the end of the 10th working day, AYSIT Solutions Web Developers had already patched the medium level vulnerabilities found by the Indian Cyber Security Solutions team. The final stage of vulnerabilities assessment had begun as the Indian Cyber Security Solutions team members had started retesting the web application as mentioned in the scope of work to find out all the medium level vulnerabilities which were found previously and were patched and no high or medium-level vulnerabilities prevail. Indian Cyber Security Solutions team was able to generate the VAPT report and handed over the document to the client along with the certificate. Indian Cyber Security Solutions team had again achieved and completed the assigned task within the stipulated time. Indian Cyber Security Solutions team had again shown high-quality professionalism by meeting up the deadlines and living up to customer’s expectations.
The Deliverable
Executive Presentation:
Overview of the entire application, the vulnerabilities found and the recommendations were made to mitigate the threats identified on the software.
Detailed Technical Report:
Detailed Technical Report has been generated on the basis of Proof-of-Concept, detailed exploitation of all the identified vulnerabilities.
Excel Tracker:
Vulnerability tracker aimed at helping the IT assets owner keep track of the vulnerabilities, remediation status, action items, etc.
The Benefits