Pen-Testing of Fake Brand Detection Portal - Cyber Security Case Study

Scenario

The client's proprietary methodology guides users in locating and verifying anti-counterfeit features in genuine branded products and helps them detect and reject fake products. The client approached us to perform a tool-based vulnerability assessment (VA) of the provided APK.

Testing methodology

The aim of the exercise was a tool-based VA only, so the outcome was a list of possible issues that could lead to potential damage to the user and the data.

Risks Found

    - Unnecessary permissions were granted, leading to potential data loss.
    - Sensitive information leakage was found, revealing API keys.
    - A buffer overflow was found, leading to remote access and application crash.
    - Raw SQL queries were present, enough to give an idea of the database structure.