Cybersecurity in eCommerce: How to wipe out weaknesses

Client

Contactless vehicle rental service

Our client is an international organization that offers personal vehicle rental services online. The company owner reached out to us due to the suspicion that a data leak may have occurred in the company.

The client's web service therefore needed to be checked for vulnerabilities that could lead to user data loss, breaches of confidentiality, or unauthorized access to the system.

Goals and objectives

To work on all aspects of internal safety and to prevent all data leaks from the system

01/ To identify potential weaknesses
02/ To check network safety settings and detect data leaks
03/ To analyze the update level of the system and its components
04/ To test the website's resistance to load and DoS attacks
Solution

We checked the environment for compliance with OWASP, NIST, and ISO 27001 cyber security standards and tested it for vulnerabilities

When testing web resources for vulnerabilities, the WEZOM team relies on OWASP, NIST, PCI DSS, and other standards, depending on the client's needs.

Data collection for the client’s web resource

The team collected information about the architecture and components of the platform, conducted active scanning, analyzed potential vulnerabilities, and performed manual testing for false positives.

Pen testing using the Black Box method

Our experts acted as "white hat" hackers, searching for vulnerabilities in the system using all possible methods and imitating the potential actions of real cybercriminals.

Stress testing

The resource was tested for stability under load so that it could cope with a sharp increase in traffic and DoS attacks.

Result
Fixing the weaknesses in a system and a new cybersecurity strategy

We detected a range of problems and vulnerabilities in the client's system. They were prioritized, fixed, and then retested. The stress testing allowed us to make the platform robust enough to withstand intense traffic increases and DDoS attacks. The WEZOM team gave the client a full report on the results of the analysis and introduced additional cybersecurity measures, including constant monitoring and repeated checks of the system.

The main results of the project were the minimization of risks and a new cybersecurity strategy to protect the client's business for the years ahead.

Team
DevOps
QA Engineer
QA manual and QA automation
Analyst
Team Lead of cybersecurity department
Senior cybersecurity specialist