Our team was shortlisted from a flurry of global competition for a comprehensive month-long internal audit of this bank’s open-banking APIs. This bank is one of the largest in the Middle East region and is one of the fastest-growing too. The security audit unearthed several technical, compliance and regulatory (SAMA) gaps. These included an undocumented API which could have led to a data breach.
This NSE-listed semiconductor manufacturing company wanted to get their IT and security processes certified according to US-specific standards as well as other internal standards like NIST 800-171r2. We provided a detailed compliance report and helped them close the security gaps efficiently.
The mobile application of this US-based telecom service provider can be used to make free phone calls as well as send text messages. However, little did they know that the app was inadvertently leaking data and that malicious actors could take over someone else’s account with negligible effort. Our other findings were the ability to bypass geographical restrictions (using the app as a non-US customer), crucial secrets uncovered within the application, and logs that revealed more than they should have.
As one of the leading e-Commerce platform players, and a network as well as ecosystem partner for ONDC, this company has a constant need to secure its platform. We are proud to be the exclusive cybersecurity partner for this player in securing their entire digital infrastructure across their buyer/seller apps, MSME applications, the entire cloud infrastructure and the data of their sellers & end-customers.
When another player in the same segment wanted to raise a round of investment from the largest American online retailer, we were the primary partner for their security due-diligence.
When this healthcare company wanted to go for US FDA certification for their innovative pulmonary function test device, we were the preferred partner to conduct a detailed cybersecurity assessment. The assessment included their front-end software, integration points with the device, the firmware as well as regulatory aspects related to developing the device.
For another radiology software provider, our penetration testing team found issues including privilege escalation, which meant that an operator could manipulate data to mimic a consulting radiologist’s remarks or comments, among other issues like cross-site scripting and user-data manipulation.
By working closely with our US-based partner, we helped end clients in securing their NFT marketplaces. Our expertise in blockchain and Web3 technologies was on display, as we found high-impact issues prior to the launch, including bypassing the NFT purchase to download the content, thereby completely invalidating the need for such a marketplace in the first place. Our in-depth knowledge of API security also came to the fore as we found issues related to replay attacks and authentication bypass, which made the customer not just delighted but also fully satisfied with the value they received.