Ecommerce Solution Pentesting for a Company Providing Software for Airlines
Customer
The Customer is a European company, which offers a customer-facing ecommerce cloud platform to airline companies. The platform is designed to facilitate product information and order management for the airlines.
Challenge
The Customer wanted a penetration test of their ecommerce platform to evaluate its security level. They turned to ScienceSoft's security testing team to get the services they needed and to find out whether their solution contained vulnerabilities that attackers could exploit.
Solution
ScienceSoft's security testing team conducted black box penetration testing of the Customer's ecommerce platform, following an ethical hacking methodology and the tools listed below. ScienceSoft's security engineers identified four vulnerabilities in the Customer's ecommerce platform and classified them by severity.
- Insufficient brute-force protection – medium severity level.
The login form in the Customer's platform was not adequately protected against brute-force attacks: ScienceSoft's security engineers submitted many incorrect passwords in a row for one account without being throttled or locked out, and a subsequent attempt with the correct password succeeded. The security testing team recommended that the Customer limit the number of failed login attempts per user; the exact threshold was left for the Customer to choose.
- Susceptibility to cross-site request forgery (CSRF) – medium severity level.
CSRF lets an attacker make a logged-in user's browser submit requests that the platform then trusts as that user's own actions. ScienceSoft's security testing team recommended enforcing CSRF protection by including an additional anti-CSRF token in every state-changing request. The token should be generated with a cryptographically secure random number generator, bound to the user's session, and verified on the server before the request is processed.
- Cookies set over SSL/TLS without the Secure flag – low severity level.
A browser never sends a cookie that carries the Secure flag over an unencrypted HTTP connection, so such a cookie cannot be intercepted in cleartext by an attacker on the network. Without the flag, the same cookie may be sent over plain HTTP, for example when a user follows an http:// link to the platform. During penetration testing, ScienceSoft's security engineers identified several cookies set without the Secure flag. The Customer was advised to set the Secure flag on every cookie used to transmit sensitive data.
- Susceptibility to cross-site scripting (XSS) attacks – low severity level.
The password recovery form of the Customer's ecommerce platform was vulnerable to cross-site scripting. The platform did not block the injected script in some browsers, Internet Explorer 9 in particular, so the defence cannot rely on browser-side filtering. ScienceSoft's security engineers recommended that the Customer validate user input on the server and encode output: the corrective measure involved both input validation and output filtering before user-supplied values are placed in the page.
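The four corrective measures above, as a standard-library Python sketch added here for illustration (example code, not the Customer's platform or ScienceSoft's deliverable). The attempt threshold, lockout duration, in-memory session store, credential table and the sample XSS payload are constructed for the example; the case study leaves the attempt limit to the Customer, and a real system would store password hashes rather than plaintext.

```python
"""Stdlib sketch of the four remediations (added example, not the Customer's platform code)."""
import hmac
import html
import re
import secrets
import time
from http.cookies import SimpleCookie

# --- 1. Brute-force protection: per-user failed-login counter with a temporary lockout ---
MAX_FAILED_ATTEMPTS = 5      # assumed threshold; the case study leaves the number to the Customer
LOCKOUT_SECONDS = 15 * 60    # assumed lockout duration

# Constructed credential table for the example (a real system stores password hashes).
_USERS = {"alice": "correct horse battery staple"}
_failed_logins = {}          # username -> (failed_count, locked_until_epoch)


def attempt_login(username, password, now=None):
    """Return 'ok', 'failed' or 'locked'. While locked, even the right password is refused,
    so an attacker cannot use the lockout window to confirm a guess."""
    now = time.time() if now is None else now
    count, locked_until = _failed_logins.get(username, (0, 0.0))
    if now < locked_until:
        return "locked"
    expected = _USERS.get(username, "")
    # Constant-time comparison, run even for unknown users so timing does not leak valid names.
    ok = hmac.compare_digest(expected.encode(), password.encode()) and bool(expected)
    if ok:
        _failed_logins.pop(username, None)
        return "ok"
    count += 1
    if count >= MAX_FAILED_ATTEMPTS:
        _failed_logins[username] = (0, now + LOCKOUT_SECONDS)
        return "locked"
    _failed_logins[username] = (count, 0.0)
    return "failed"


# --- 2. CSRF: a per-session token from a CSPRNG, checked on every state-changing request ---
_sessions = {}               # session_id -> {"user": ..., "csrf": ...}


def new_session(username):
    session_id = secrets.token_urlsafe(32)
    _sessions[session_id] = {"user": username, "csrf": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id):
    """Embed this in the form as a hidden field; it is tied to exactly one session."""
    return _sessions[session_id]["csrf"]


def verify_csrf(session_id, submitted_token):
    session = _sessions.get(session_id)
    if session is None or not submitted_token:
        return False
    return hmac.compare_digest(session["csrf"].encode(), submitted_token.encode())


# --- 3. Secure flag: the session cookie is never sent over plain HTTP ---
def session_cookie_header(session_id):
    """Value for the Set-Cookie header carrying the session id."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    morsel = cookie["session"]
    morsel["secure"] = True       # the finding: this flag was missing
    morsel["httponly"] = True     # keeps the cookie away from script, limiting XSS impact
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    return cookie.output(header="").strip()


def missing_cookie_flags(set_cookie_value):
    """The check a tester runs on each Set-Cookie response header."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("secure", "httponly") if flag not in attrs]


# --- 4. XSS in the password recovery form: validate the input, encode the output ---
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_valid_email(value):
    """Allow-list validation; rejects anything not shaped like an address."""
    return bool(_EMAIL_RE.fullmatch(value))


def render_recovery_page(submitted_email):
    """Echo the submitted value back into the form with every special character HTML-encoded,
    so the defence does not depend on the browser's own XSS filtering."""
    safe = html.escape(submitted_email, quote=True)
    return (
        '<form method="post" action="/recover">'
        f'<input type="email" name="email" value="{safe}">'
        '<button type="submit">Reset password</button></form>'
    )


if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'     # constructed test payload
    print(render_recovery_page(payload))
    print(missing_cookie_flags("session=abc123; Path=/"))
```

The lockout refuses the correct password too while the window is open; otherwise an attacker could keep guessing and tell a hit from a miss by which response comes back. The CSRF token is compared with `hmac.compare_digest` on bytes so that a non-ASCII submission cannot raise an exception instead of a clean rejection.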
Results
The Customer obtained an evaluation of the security level of their ecommerce cloud platform. Penetration testing allowed the security engineers to identify four vulnerabilities in the Customer's platform, and the Customer received a list of corrective measures aimed at eliminating these weaknesses and raising the platform's level of protection.
Technologies and Tools
Metasploit, Nmap, sqlmap, Nikto, DIRB, Burp Suite, Nessus, ZMap