Security Audit for the Beauty Club Web Site

The client's website is a popular portal for a beauty salon. It provides information about the company and a list of services, and lets customers book services online through a personal user account.

The client was going to add electronic payments through the user accounts. Before integrating the system with money transfers, it was necessary to test it, identify all possible vulnerabilities and secure it. The possible threats include hacking of the website or malicious viruses that change its text or graphic information, unauthorized access to customers' personal data, changes to personal information, false bookings, spam attacks and many other dangers. A security audit of the system was therefore necessary.

The client had already worked with "Tecman" and was happy with the results, and so decided to entrust this work to our team.

During the audit our specialists revealed many critical vulnerabilities. Even when the system was tested on the "black box" principle (without knowledge of the product's inner mechanisms), we detected open ports through which one could get into the system, as well as XSS and SQL injection, which allowed an attacker to change the website in any way they wanted. The testing was conducted both manually and with automated methods, using many web robots and virus attacks. As a result, we found over 30 vulnerabilities on the client's website.

The next step was to test the system using the "white box" approach (with knowledge of the inner mechanisms of the product and access to the source code). At this stage we were able to understand how these vulnerabilities were connected to the website's code.

The result of the work was documentation with a detailed description of all identified vulnerabilities and ways to prevent them. The project took 6 weeks and was carried out by a team of 3 people: a project manager, an information security specialist and a technical writer.

Branch: Provision of services
Technology: PHP
Solution: Information Security Audit
Platform: Web
02.02.2011
Address in Yaroslavl: Pobedy 38/27, Suite 503, Yaroslavl, 150040