Bluefire Redteam
Client Assessment Summary: Disclosing several CVSS 9.8 findings in an emerging edtech startup in the US
The client is an edtech startup in the US. Its mobile application (iOS and Android) was in scope for a 5 man-day penetration test.
The application is a learning app with basic functionality such as choosing a language, learning, and contacting fellow members within the application.
The application is built on AWS with a backend API, and it was the API that contained the most vulnerabilities: these allowed our consultants to gain access to sensitive PII for every application user, including their hashed passwords. The assessment also found that, while the application had a good UI, its security controls were minimal; for example, very weak cryptography in the password reset functionality could allow an attacker to take over any user account in the application by resetting its password.
In total, we identified 30+ vulnerabilities in the in-scope asset, ranging from CVSS 6.8 to CVSS 9.8.
Client Feedback:
"Always loved working with this team. They are patient and kind, and really do great work with their clients. We were able to locate really important vulnerabilities that we will be addressing, things that our own security team missed. We will be definitely working with them in the future."
Try us by booking a 2-day assessment.