E-reading is more popular than ever, and the COVID outbreak has shifted our kids completely to e-learning. 2020 was a thoroughly digital year, and it increased the growth rate of educational apps by 30%. The year had a positive impact on digital businesses, with better revenue for software applications than in previous years.
In this blog post, we will look at the issue our client faced with their software, our VAPT solutions to their problems, and the positive business impact of our testing solutions.
Our client is a software development enterprise that offers solutions for e-reading, information consumption, and document visualization. They provide software solutions that create digital PDF experiences, helping application users connect facts and information across sources and save the content for reference.
The client’s application works on iPad. It enables users to work on multiple documents simultaneously and has become an essential app for communities in law, technical document verification, contract writers, RFPs, etc. Our client offers a free download of the e-reading application to all users and offers some advanced features to premium users with paid subscriptions.
Our client’s application needed QA because users and hackers were trying to break the software’s premium walls and use the advanced premium features without a subscription.
Hence, the client partnered with us for a vulnerability assessment to help them identify the loopholes in premium access. They also wanted premium users to keep their key/license confidential to prevent unauthorized access.
A look into our client’s requirements.
The client was facing a tough phase in their business, as users and hackers were breaking the premium walls of the application and using the advanced features of the paid application model.
This, in turn, reduced their number of subscribers, as premium users were sharing their licenses with app users, and hackers were cracking the advanced version and sharing the software. This required urgent attention and an experienced software testing company. Our client approached us with a set of requirements.
They approached the Indium team to provide solutions for this vulnerability around their software.
Indium Software is a pioneer in Quality Assurance solutions and has strong expertise in security testing. Indium Software’s VAPT helps discover vulnerabilities within the application and reduces the risk drastically. Indium also provides a wide range of security testing services apart from VAPT.
The Indium testing team developed an optimized strategy that combined automated assessment using open-source tools with manual methods, working from a hacker’s perspective to penetrate the e-reading software and identify the loopholes that allow security breaches.
Our test engineers performed the vulnerability assessments on both the enterprise and customer versions of the software. We then performed static and dynamic analysis of the application to identify the loopholes through which hackers crack the premium features.
Our team then framed a customized static analysis targeting the interesting files and ran test cases with injection and reverse-engineering attacks. These included license key forgery attacks, memory analysis, and binary analysis. Our software testers dug deeper into the static analysis of the application.
The Indium team did not want to let our client down in any scenario, so we also performed a dynamic round of testing on the apps.
Our quality engineers performed manual enumeration, leveraging CLI tools, to identify security breaches and functionality defects. With these customized testing strategies, we reported two critical vulnerabilities, under sensitive data exposure and insecure communication.
Our team recommended appropriate fixes for every potential threat identified in the e-reading application to our client. Here are our recommendations!
Our client was much happier, as we created strong premium walls for their application by addressing all the security breaches. We created an automated vulnerability assessment and penetration test suite for their application to eliminate unauthorized access to premium accounts.
By Uma Raj
By Abishek Balakumar
Pradeep is a Content Writer and Digital Marketing Specialist at Indium Software with a demonstrated history of working in the information technology and services industry.