Project Summary
Stingrai Inc. pentested the application of a security solutions provider. The team reported the issues they found and gave recommendations on how to resolve them via their dashboard platform.
The Challenge
Aman Ibrahim (CEO of DeepTrust) hired Stingrai Inc. to accomplish the following goals:
- We needed to pentest our application as we were getting our SOC II Type II audit
The Approach
Why Stingrai was selected:
Scope of work:
Stingrai Inc. pentested our application, reported the issues they found, and gave us recommendations on how to resolve them via their dashboard platform.
The Outcome
Stingrai Inc. identified multiple issues around authentication and sensitive data access, leaked keys, and potential opportunities for bad actors to use our platform to phish, social engineer, and DDoS our service. The team provided multiple recommendations to directly improve authentication and cover up edge cases. Some of the recommendations included removing hard-coded keys, rate limiting certain POST requests, implementing stricter server-side role and access validation, and adding more validation around user inputs for edge cases. We created tickets for our engineers to resolve the issues, and they were resolved within a month.
“Stingrai Inc.'s project management was great. The team delivered on time and responded well to our needs. We communicated via Slack.”
- Aman Ibrahim, CEO at DeepTrust
What Was Most Impressive
The quality of Stingrai Inc.'s work was impressive.
Areas for Improvement
No, there weren't any.