Cooking Up Stronger Security For A Leading Meal-Kit Provider

Cooking Up Stronger Security For A Leading Meal-Kit Provider
Cooking Up Stronger Security For A Leading Meal-Kit Provider
Posted by Editorial Staff
Contents
Client OverviewWhy the Client Chose UsProject OverviewHow Ebryx RespondedResults and Outcomes

Client Overview

Our client was a prominent and widely recognized unicorn in the meal-kit industry, operating across the United States and several European regions. The goal was to determine whether our team could assist the client in strengthening the security of their various brands and products, consequently enhancing their overall security measures.

Why the Client Chose Us

The client opted for our services in web penetration testing for several notable reasons. Our specialization in their specific industry and the expertise backed by certifications, such as CEH and CISSP, made us their choice. They found our utilization of cutting-edge tools and tailored approaches to address their unique security requirements particularly appealing. Past successes and our adherence to industry compliance standards provided a foundation of trust. They recognized our team’s potential to enhance their security measures and ensure the security of their brands and customers.

Project Overview

Our mission was to assess the security of our client’s multiple brands and products, evaluating them for vulnerabilities that could impact their customers. The primary focus was on Account Takeover, Personal Identifiable Information (PII) Disclosure, and server-side misconfigurations.

How Ebryx Responded

During our assessment, our penetration testing team discovered critical, high, and medium-severity vulnerabilities that posed potential risks. One of the most critical vulnerabilities was an Account Takeover issue related to their token generation method. The token was generated based on epoch time – a numerical representation of the date and time since January 1, 1979. Exploiting this vulnerability, we executed a Race Condition attack on the vulnerable API, allowing us to take over victim accounts by obtaining the same token simultaneously.

It is worth noting that this vulnerability had gone unnoticed by both the client’s in-house team and previous third-party entities that had conducted penetration tests on their system. This vulnerability, which affected all their brands, put their customers at risk for potential account takeovers.

Results and Outcomes

Our collaboration with the client proved to be mutually beneficial. The client had an opportunity to assess our skills, leading them to approach us for additional dedicated projects. Simultaneously, the client significantly enhanced its security posture. This improvement not only protected the client’s reputation but also reassured their customers of a safer and more secure experience.

Share the article with your friends

Related Posts

Cloud Technology is the future. What happens When hackers break In?
Blog
Cloud Technology is the future. What happens When hackers break In?
Posted by Editorial Staff Cloud technology has revolutionized business. In the age of lightning fast connectivity and communication, productivity and innovation have soared. Unfortunately, cloud environments are vulnerable to attack
May 22, 2023
3 Min Read
Investigating A Dangerous Breach In The Telecommunication Sector
Blog
Investigating A Dangerous Breach In The Telecommunication Sector
Posted by Editorial Staff In mid 2021, an organization in the telecommunication sector suffered a breach in their cybersecurity. Hackers compromised the company’s online services to target their end-users– putting
May 22, 2023
3 Min Read
An Attempted Heist:How Ebryx Countered Cybercriminal Group Lazarus
Blog
An Attempted Heist:
How Ebryx Countered Cybercriminal Group Lazarus
Posted by Editorial Staff In late 2018 cybercriminals conducted a multimillion-dollar raid on a mid-sized bank. In the chaotic aftermath of the breach, one of the country’s largest banking consortium
May 22, 2023
3 Min Read

Have questions?
Let's talk.

Ebryx experts are ready to answer
your questions.
Contact us
ebryx-logo-footer

GET IN TOUCH

info@ebryx.com+1 603-912-5385

ADDRESS

389 Main Street,
Unit 5 Salem, NH 03079

SERVICES

Managed SOC ServicesPenetration Testing ServicesSecurity R&DApplication SecurityCybersecurity Staff
AugmentationSecurity GRC Services

SOLUTIONS

ZTNAVPN ReplacementSecure Access to Enterprise ApplicationsMicro-SegmentationNAC AlternativesSecure Cloud Access
Resources
Case StudiesData SheetsSlide DecksBlogs

CONNECT WITH US

ContactCareers
cmmi-logo-footer
© Ebryx            Cookie Policy           |   Privacy Policy
|    Information Security Policy
ebryx-logo-footer-mobile

GET IN TOUCH!

EMAIL

CUSTOMER SUPPORT

ADDRESS

Services

Managed SOC Services
Penetration Testing Services
Security R&D
Application Security
Cybersecurity Staff Augmentation
Security GRC Services

Solutions

ZTNA
VPN Replacement
Secure Access to Enterprise Applications
Micro-Segmentation
NAC Alternatives
Secure Cloud Access

Resources

Case Studies
Data Sheets
Slide Decks
Blogs

Connect With Us

Contact
Careers
cmmi-logo-mobile-footer
iso-logo-mobile-footer

Follow Us On Socials

© Ebryx            Cookie Policy          
Privacy Policy