DanDomain - Ciklum

DanDomain

SITUATION

The story of DanDomain is, in many ways, the history of the Internet in Denmark. It is Denmark’s leading domain registrar and most stable hosting provider, with over 70,000 customers. The company asked Ciklum to assess and test the security of DanDomain’s payment system (web application and web service). DanDomain needed to understand the real-world risks to the organization from an attacker’s perspective. Such an assessment goes beyond the limitations of automated scanning and provides information about possible application vulnerabilities.

SOLUTION

Ciklum’s team offered to use the Supervised Quality model to assess the client team’s processes, provide expert guidance in developing a QA strategy, and improve planning, code creation, and code structuring.

The team has completed the following:

1. Automated crawling and scanning (unauthenticated, authenticated)

2. Manual review and customized fuzzing (unauthenticated, authenticated)

3. Vulnerabilities identification and validation, evidence collection, and risks evaluation

4. Security issues report generation (including all recommendations)

Based on the results of the penetration testing phase, Ciklum’s team conducted the following:

1. Security training session for application developers

2. Training presentation and security guidelines preparation

RESULT

23 security issues were identified, including:

  • 5 critical-risk issues;
  • 16 high-risk issues;
  • 1 medium-risk and 1 low-risk issue.

Ciklum also organized a security training and consulting session based on OWASP Top 10 project materials and prepared a live demonstration of common and identified vulnerabilities.
