VAPT for a Learning Management Portal

Client Background
Client is a leading player providing learning management systems for higher education and K12
markets in the United States and globally. 

Business Context
Client had a Learning Management Platform, which serves a platform to offer online training
programs, schedule classes, create/manage courses, create/manage classes, dashboard for
comprehensive view etc. The platform also provides to create/manage roles and profiles. Learning
Management Platform had been designed and deployed in the Cloud. Client expected that the
Learning Management Portal is tested for the OWASP top 10 vulnerabilities. 

How did we help the Client?
Scanned the platform for the top 10 OWASP vulnerabilities, came with vulnerability findings report
and provided recommendations on how to fix those vulnerabilities.

Customized web application penetration testing solution with focus on role based checks was
delivered.

Exploited the system by performing application penetration testing for the platform making use of
wide range of tools.

Every major release that goes lives had been validated by us giving greater confidence in the go live

Benefits Delivered
15 critical security defects were unearthed – CSRF, Role based privilege, DoS attack, Session
Hijacking- as part of this exercise.

Application vulnerability issues were rectified with shorter turn around based on the precise
recommendation provided from our end.

Higher confidence delivered to the Client in their go-live by suggesting remedial measures to the
issues detected