Real Estate Case Study

Web Application Penetration Testing

About Client

Our client for this project is a global leader in real estate software solutions and a
trusted partner for thousands of estate agents worldwide. They offer not just a “CRM” but
a complete business management solution. Their solution helps forward-thinking
professionals and industry champions to cultivate new business, engage promising
prospects, and score more lettings and sales deals. The client offers the definitive CRM
software for the UAE region.

Challenge

The client was short on time: they had to launch the product but found that
testing would take at least 3 weeks. Working with them, we found a way to reduce testing
time to a mere 1 week.

Conclusion

Evidence was gathered via extensive Web Application Security Tests and used to present a comprehensive report to the client. We explained to the CTO how these vulnerabilities came about and gave a technical session on how to avoid such bugs in future updates, which was well received by their team.

Highlights

1. 3 hackers from our team were assigned to test the real estate software.
2. We manually searched for critical vulnerabilities.
3. We discovered an OS Command Injection vulnerability, which made the entire private
cloud server compromisable.
4. We also found a few other medium to low-level vulnerabilities.
5. We collated our findings and submitted a report to the QA Lead of the client, who
was extremely impressed with our findings.
6. We conducted a retest after the vulnerabilities were fixed, and found no further
problems.

Our Approach

At iSecurify, we ensure that all our work follows international security standards, such as OWASP, SANS, and WASC. For each new client, we prepare a custom checklist with all the latest discovered attack vectors. Following that, we prefer to conduct a manual test for vulnerabilities like Out of Band Remote Code Executions, Injections, Privilege Escalations, and Business Logic Issues. We perform a thorough scan using our automated scripts and other tools.

©2024 iSecurify. All Rights Reserved.