Transparency and Security for a Global Footprint: How a Finance Company Secured Its Automated Home Loan Platform

Worried about your cyber defences? This finance company set out to democratize homeownership by making the process faster, easier, and more transparent, and engaged DataWelkin for penetration testing along the way. Learn how they achieved success.

Introduction

Our client is a US-based startup made up of a team of experts in investment, finance, design, data science, and technology who aim to be market disruptors by delivering an automated, real-time home loan approval experience. Seeking to break the hold of the larger financial institutions, they built a financial platform and app that lets customers easily determine their eligibility and gives them access to rates previously available only to brokers, all in one place. This innovative startup is on a mission to democratize homeownership by making the process faster, easier, and more transparent.

Challenge

Aiming to provide a 100% secure platform, the client engaged DataWelkin to perform penetration testing of their web platform and mobile applications. Owing to the nature of this business, we faced a dynamic environment in which systems were constantly evolving with updates, patches, and new features. Testing in such an environment required adaptability to change and necessitated frequent retesting. We also had to work across time zones with a development team that had a global footprint.

Addressing these challenges required a combination of technical expertise, clear communication and meticulous planning.

Approach

The penetration test's main goal was to check whether it was possible to compromise the applications to gain unauthorized access to company resources or its users' data. We adopted a penetration testing methodology based on the most well-known and established penetration testing guides: the Open Web Application Security Project (OWASP) Testing Guide, the Open-Source Security Testing Methodology Manual (OSSTMM), the PCI DSS Penetration Testing Guidance, and the NIST Technical Guide to Information Security Testing and Assessment (SP 800-115).

Leveraging methodologies from these sources ensured that the penetration testing process was well-structured, systematic, and aligned with industry standards. This enhanced the credibility and trustworthiness of the testing process and of the findings reported to stakeholders.

Results

During the assessment, DataWelkin's pen test team could not compromise the platform or its relevant infrastructure. However, the assessment revealed several vulnerabilities of high, medium, and low risk, including:

• Insecure local storage of user data within the mobile apps
• Insufficient anti-reversing protection of the mobile apps
• Insecure web session management mechanisms
• Weak user password quality control and username enumeration
• Cross-site scripting vulnerabilities within the administrative interface
• Leakage of potentially sensitive information
• Use of vulnerable dependencies
• Incorrect session handling and unsafe data storage observed in the mobile applications

DataWelkin provided recommendations to eliminate each vulnerability.

Benefits

• By aligning with established penetration testing methodologies, DataWelkin provided the client with a robust and reliable assessment of their security posture, helping them identify and address vulnerabilities effectively. The client gained insight into potential loopholes and vulnerabilities that could be exploited by malicious actors.

• DataWelkin's expertise in this area undoubtedly provided valuable insights to bolster the platform's security posture. The client was able to impress their investors before the next funding round by providing evidence of this penetration testing.

Key Learnings

Enhancement of Security Awareness: Penetration testing provides valuable insight into an organization's risk profile, helping it make informed decisions about risk mitigation strategies and resource allocation.

Continuous Improvement: Penetration testing is not a one-time activity but an iterative process. Organizations should use the findings from testing to continuously improve their security posture, address vulnerabilities, and adapt to evolving threats.

Communication and Collaboration: Effective communication between testers, stakeholders, and IT teams is essential throughout the testing process. Collaborative efforts facilitate the sharing of findings, understanding of risks, and implementation of remediation measures.

Validation of Security Policies: Testing validates whether security policies and procedures are implemented effectively across the organization. It assesses compliance with regulatory requirements and industry standards, helping ensure adherence to best practices.

Get in Touch with Us

Speak to us: (+61) 482 012 275

Email us: info@datawelkin.com
