Our client, a prominent branchless banking services provider in South Asia with millions of active users, operates through a mobile application. The branchless banking app is an initiative of one of the world’s largest telecommunications companies across the Nordics and Asia. To comply with state regulations, a third-party vulnerability assessment of the fintech application was mandatory. The client found its in-house penetration testing inadequate and therefore engaged Ebryx for a comprehensive VAPT of South Asia’s most-used Fintech application. The outcome helped the client identify significant vulnerabilities within its core features.
The client selected Ebryx as their VAPT provider for several compelling reasons. Our strong reputation, supported by a history of successful engagements, and specialized industry expertise were standout factors. A comprehensive suite of VAPT services, a skilled team, and adherence to ISO 27001 and CMMI Level 3 standards ensured trust and assurance. Clients also appreciated our customized approach, clear reporting, and effective communication, which collectively demonstrated a commitment to delivering top-tier VAPT solutions.
Ebryx was tasked with assessing the security of the client’s Fintech application. This included scrutinizing both internal and external assets for vulnerabilities that could potentially compromise the bank’s operations and the security of its users.
During the assessment, our penetration testing team found several critical and high-severity vulnerabilities in the mobile application. Of particular concern was a vulnerability in the loan feature, which allowed attackers to withdraw any amount of money from the bank. This flaw was a result of insufficient security checks and oversight during development, making it a prime target for exploitation.
The Ebryx team successfully demonstrated the financial risk posed by this vulnerability, underscoring the importance of addressing it promptly. Furthermore, they identified 7 critical vulnerabilities, some of which had persisted for years, and 4 high-severity vulnerabilities related to business logic and authentication processes.
Prior to penetration testing, the client’s mobile application had numerous critical and high-severity vulnerabilities that could have led to substantial financial losses and harm to the bank’s reputation. Our expertise and thorough assessment enabled the identification and remediation of these vulnerabilities, significantly enhancing the application’s security.
The client’s proactive approach to security assessment and engagement with Ebryx resulted in a safer and more resilient mobile application. The vulnerabilities, including those with the potential for financial losses and Personally Identifiable Information (PII) compromise, were addressed just in time. This not only prevented potential security incidents but also reinforced trust among their 10 million active users.