The story of DanDomain is, in many ways, the history of the Internet in Denmark. It is Denmark’s leading domain registrar and most stable hosting provider, with over 70,000 customers. The company asked Ciklum to assess and test the security of DanDomain’s payment system (web application and web service). DanDomain needed to understand the real-world risks to the organization from the perspective of an attacker. Such an assessment goes beyond the limitations of automated scanning and gives information about possible application vulnerabilities.
Ciklum’s team offered to use the Supervised Quality model to assess the client’s team processes, provide expert guidance in developing a QA strategy, and improve planning, code creation, and code structuring.
The team has completed the following:
1. Automated crawling and scanning (unauthenticated, authenticated)
2. Manual review and customized fuzzing (unauthenticated, authenticated)
3. Vulnerabilities identification and validation, evidence collection, and risks evaluation
4. Security issues report generation (including all recommendations)
Based on the results of the penetration testing phase, Ciklum’s team conducted the following:
1. Security training session for application developers
2. Training presentation and security guidelines preparation
23 security issues were identified, including: