Case Studies

Mobile Application PT

Introduction:

One of our clients has developed a SaaS web application and a mobile application to manage flight tickets. The application also allows users to book accommodation during flight delays. The client has developed both Android and iOS mobile applications and has integrated various payment gateways as per the airlines’ requirements. The client was processing cardholder data and collecting PII during flight and hotel booking, and approached Cybernetic GI to perform mobile application testing for Android and iOS along with a web application PT.

Solution:

  • Initial Consultation: Cybernetic Global Intelligence initiated the project with a kick-off meeting with respective stakeholders to clarify the testing objectives and requirements.
  • System Overview: The team reviewed the web application and mobile application architecture with insights from the technical team to understand its functionalities and potential vulnerabilities.
  • Pre-requisites Confirmation: During the kick-off meeting, the Cybernetic team ensured that all necessary pre-requisites for testing were in place. The client shared the mobile application installation files along with the application documentation.
  • Business Cases Prepared: Based on the discussion with the technical team, our team prepared a list of possible security attack vectors.
  • Non-Intrusive Testing: The initial phase involved non-intrusive tests to gather baseline information and perform technical reconnaissance.
  • Tool Selection and Manual Testing: Based on preliminary scan results, appropriate tools were selected, and manual testing was conducted on the mobile applications and web infrastructure.
  • Vulnerability Reporting: Critical vulnerabilities discovered during testing were immediately reported to the technical team.
  • Intrusive Testing: Our team did not perform intrusive testing, as the client had not given permission for it.
  • Comprehensive Reporting: A detailed report, including proof-of-concept (PoC) where applicable, was prepared and delivered to the client. The report provided thorough recommendations for fixing identified issues.
  • Re-testing Round: The client opted for a re-testing round. After receiving confirmation from the client that their team had closed all the reported vulnerabilities, our team performed re-testing to verify that every vulnerability had been closed successfully.
  • Project Closure: The project was concluded after a final review and sign-off by the senior management.

Our client’s applications were strengthened by our structured approach and the testing performed by our experts. It helped our client gain the trust of its customers in the applications.