About the Client
HDFC is an Indian private company that provides customers with life insurance products as well as insurance for other valuable assets.
Web Application Penetration Testing
Indian Cyber Security Solutions' main task was to perform the source code review for HDFC Life Insurance Limited. The primary goal of this code review was to identify any potential areas of concern associated with the application in its current state and determine the extent to which the system may be breached by an attacker. The assessment was performed in accordance with the “best-in-class” practices as defined by the Open Web Application Security Project (OWASP).
Indian Cyber Security Solutions was ready to perform the web-based application penetration testing on their website. An ISO 27001 lead auditor and a web application penetration tester were assigned to take up this challenge. The project was to be done in 3 stages and to be delivered within 22 working days.
The project was done in the following steps:
The scope of work was defined by the client (HDFC Life Insurance Limited). The layout of the web application was shared with Indian Cyber Security Solutions. NDA (Non-Disclosure Agreement) documents were signed between both parties.
The 2nd stage, risk management and mitigation, started with an evaluation of the key assets involved in web applications, such as firewalls, IDS, IPS, routers, and others. Indian Cyber Security Solutions found one medium-level vulnerability, 'Out-of-date Version (jQuery)', and another medium-level vulnerability, 'Active Mixed Content over HTTPS', etc.
Stage 3: Rectification as per suggestion
The 3rd stage is the most important stage of the project: Indian Cyber Security Solutions suggested rectifications to the client, and the client had to patch the vulnerabilities as per those suggestions. The HDFC Life Insurance Limited web developers were able to work out solutions as per the suggestions made by the Indian Cyber Security Solutions team.
Stage 4: Final Assessment and VAPT project submission
At the end of the 12th working day, the HDFC Life Insurance Limited web developers had already patched the medium-level vulnerabilities found by the Indian Cyber Security Solutions team. The final stage of vulnerability assessment began as the Indian Cyber Security Solutions team members started retesting the web application, as mentioned in the scope of work, to confirm that all the medium-level vulnerabilities found previously had been patched and that no high- or medium-level vulnerabilities remained. The Indian Cyber Security Solutions team generated the VAPT report and handed the document over to the client along with the certificate. The Indian Cyber Security Solutions team once again completed the assigned task within the stipulated time, and again showed high-quality professionalism by meeting the deadlines and living up to the customer's expectations.
Customized reports were provided to the client as per their requirements; the details are mentioned below:
The benefits of conducting thorough security tests and identifying the vulnerabilities are discussed below: