Pentesting a Digital Vault Platform

SecurityBoat's team performed a web application pentest on one of its client products.

  • Web
  • API

THE CHALLENGE

Our penetration testing team was tasked with a web application penetration test for an undisclosed Digital Vault Platform (similar to Digi locker). The test included black box testing, with no predefined scope or additional information about the company, and simulated a maliciously registered customer.

THE SOLUTION

We were able to achieve a complete compromise of the transaction processing API, which allowed us to initiate unsolicited payments on behalf of other registered customers. Additionally, we were able to fetch the PII documents of the customers.

How Did We Do It?

The team at SecurityBoat discovered an unattended staging environment and exploited its vulnerabilities to access sensitive information. Later, this information was utilized to attack the main application, which enabled us to access the payment API on behalf of other client customers.

The Attack Lifecycle - Black Box

The Attack Lifecycle - Grey Box

What the client said about us!

The moment you speak to SecurityBoat, it's clear that they are passionate about their work. Ninad and his young team are enthusiastic, professional and fully aware of the implications of their work. They moved fast, worked hard and delivered a comprehensive report on our online product. Their detailed report and handholding are invaluable and have helped us immensely. Our search for an able, dependable team has ended with SecurityBoat.

Key Outcomes for the Customer

  • Increased Web application security due to comprehensive black and grey box testing and actionable guidelines on vulnerability remediation provided by SecurityBoat.
  • The solid reputation of a secure communication solutions vendor and increased customer trust.
