Apr 11, 2023

VAPT for an Education Fund Providers Portal

Client Background
The client is a leading provider of education funds to university students across Africa and Asia.

Business Context
The client had a platform that bridges the gap between education fund providers and
education fund seekers. The platform had been designed and deployed in the cloud. The client wanted
assurance that the portal was safe and secure, with no evidence of OWASP Top 10
vulnerabilities. The client had no security guidelines in place and was looking for help.

How did we help the Client?
OWASP Top 10 web application vulnerability analysis.
Prepared a list of malicious inputs based on vulnerability.
Identified and compared the available open source black box testing tools.
Detected and identified vulnerabilities using the most feasible open source black box testing tools.
Prepared a report based on the findings.
Suggested possible exploits resulting from the flaws discovered in the web application.
Provided a probable diagnosis for the discovered vulnerabilities.
Documented the identified vulnerabilities and their possible causes.

Benefits Delivered
12 critical security defects were unearthed and a security gap analysis was carried out.
Some of the security defects were so critical (with financial implications) that the go-live date was postponed to address them.
Prepared a list of malicious inputs, categorized by vulnerability, for a black box testing approach.
Gave the client higher confidence in their go-live by suggesting remedial measures for the issues detected.