Defending Data Integrity For A File-Sharing And Synchronization Provider

Client Overview

Our client, a leading US-based file-sharing and synchronization services provider, faced a substantial security challenge tied to their publicly accessible infrastructure. Their product caters to businesses seeking secure file sharing and collaboration via a versatile cloud-based solution that allows customized integration across various industries. However, prior to engaging Ebryx, they were struggling with exploitable vulnerabilities that posed risks to their infrastructure and extensive customer base.

Why the Client Chose Us

The client turned to Ebryx for its proven expertise in penetration testing. They had recognized the need for a comprehensive evaluation of their security measures, including their publicly accessible infrastructure, and valued our commitment to thorough evaluations, which included a blend of black-box and white-box testing methodologies. Our expert team’s proficiency in identifying vulnerabilities and providing actionable recommendations, coupled with our compliance with industry standards, set us apart as a trusted partner for enhancing their security posture.

Project Overview

Our task was to conduct a thorough gray box penetration test on our client’s assets. This involved evaluating multiple tenants within their infrastructure and identifying vulnerabilities that could compromise both their security and their customer data.

How Ebryx Responded

Our dedicated penetration testing team meticulously assessed our client’s public infrastructure. They uncovered a substantial number of vulnerabilities, ranging from High to Low severity. These vulnerabilities not only posed a direct threat to our client’s security but also opened new avenues for potential attacks and financial abuse.

One alarming discovery was that a user could store an XSS payload within a file name. The payload was triggered for any user who attempted to access that file, potentially allowing an attacker to perform actions in the browser on that user’s behalf. Additionally, our team identified a method for malicious users to bypass storage limits, which could lead to financial losses, as this limitation was part of our client’s business model.

Furthermore, we reported multiple access restriction flaws and highlighted the absence of proper rate limiting. This exposed the system to brute force attacks on verification tokens, which would have enabled attackers to take over user accounts.
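
To make the file-name finding concrete, the following added example (not code from the client or from Ebryx) shows a vulnerable rendering pattern next to a hardened one. The `/files/` route, the function names and the sample file names are assumptions; how the client's application actually rendered file names is not described here.

```javascript
// Added example: context-aware output encoding for user-controlled file names.
// The /files/ route, function names and sample data are assumptions.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a string for use in HTML text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored file name is concatenated into markup as-is.
function renderRowUnsafe(file) {
  return '<li><a href="/files/' + file.id + '" title="' + file.name + '">' + file.name + '</a></li>';
}

// Hardened pattern: each sink gets the encoding its context requires.
function renderRowSafe(file) {
  const href = '/files/' + encodeURIComponent(file.id); // URL path segment
  const label = escapeHtml(file.name);                  // text node and attribute
  return '<li><a href="' + href + '" title="' + label + '">' + label + '</a></li>';
}

// Constructed sample data: one ordinary name, one carrying markup.
const sampleFiles = [
  { id: '101', name: 'Q3 report.pdf' },
  { id: '102', name: '"><img src=x onerror=alert(1)>.txt' },
];

// True if the rendered row contains any element other than the expected li/a.
function hasUnexpectedElement(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !['<li', '</li', '<a', '</a'].includes(t.toLowerCase()));
}

// Render every sample both ways and report whether extra markup appeared.
function demo() {
  return sampleFiles.map((f) => ({
    name: f.name,
    unsafeInjects: hasUnexpectedElement(renderRowUnsafe(f)),
    safeInjects: hasUnexpectedElement(renderRowSafe(f)),
  }));
}

console.log(demo());
```

The same check can run as a regression test over every template that displays a file name, so a later change that drops the encoding is caught before release.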

Results and Outcomes

Our penetration testing activity identified multiple vulnerabilities of varying severity, underscoring the urgent need for remediation. This assessment provided our client with crucial insights into their security weaknesses and vulnerabilities, empowering them to take prompt action.

As a result of our engagement, our client was better equipped to secure their infrastructure and customer data. Our expertise and thorough assessment allowed them to address vulnerabilities and enhance their security measures, significantly improving their overall security posture.

In summary, by choosing Ebryx for penetration testing, our client was able to identify and mitigate vulnerabilities, ensuring the security and integrity of their file-sharing and synchronization services.
