Web Application Pen Testing

Description

Client: Unifonic

Category: Product Security

Date: 28 June 2023

Unifonic provides companies in the Middle East with platforms for seamless, multilingual, enterprise-grade communications at reasonable prices. Since its founding in 2006, the business has helped various organizations develop efficient customer communication. To date, it has served more than 160 million recipients and more than 5000 commercial accounts.

Before they met us

  • Unifonic operates through a web application that plays a crucial role in providing services to its clients. This web app is the link between Unifonic and the companies it works for.
  • Our client was experiencing some hindrances while using the web application. They suspected it contained vulnerabilities that might lead to cyberattacks in the future.
  • They were also having functional issues with the web app every now and then.
  • Unifonic needed thorough testing and an overhaul of its web application from a security point of view.

How we addressed the problem

  • We planned and executed a complete vulnerability scan to identify security weaknesses in the targeted Unifonic web application.
  • Our team gathered all the data required to address the web app problems that were obstructing the client’s business operations.
  • We conducted thorough penetration testing to evaluate the effects of each vulnerability and offer solutions.

Methodologies Used

  • Reconnaissance, mapping, and vulnerability analysis before executing the test.
  • Thorough penetration test adhering to key security testing standards such as OWASP security testing and OSSTMM guidelines.
  • Credentialed patch audit without using the production environment.
  • Authentication and session management testing, along with business logic and client-side security testing.

Tools Used

  • Burp Suite and Nessus Professional for vulnerability scanning.
  • Nmap for network security testing.
  • Wireshark for analysis of incoming and outgoing data flow.
  • BeEF to assess the effects on the application of outside attacks that rely on browser exploits.
  • sqlninja for database exploitation.

Results and Recommendations

Unifonic’s web application was not in line with the required security standards. It was riddled with loopholes that might have resulted in catastrophic security incidents.

We delivered a comprehensive Security Audit Report (SAR) listing all the vulnerabilities and their potential impacts.

Additionally, we recommended measures to remediate all the security flaws within the web application.

We also helped the client draft a security policy to keep Unifonic’s web app secure going forward.
