We were contracted by the team at CodaBox to conduct penetration tests under our Grey Box testing services. With our experience in fintech, we were ready to ensure the security of the API integration. In addition, due to the sensitive nature of the transactions, we were there to guarantee the safety and privacy of all involved in their day-to-day operations.
We tested for a range of commonly exploited vulnerabilities. These included:
- Remote Code Execution
- SQL Injection
- Path traversal attacks
- File upload vulnerabilities
- Parameter tampering
- Access control flaws
- Transport layer security, Business logic, and Authentication flaws
- SMTP, Header, and JSON Injection
- XML Injection / Code Execution
From our testing, we discovered and informed the team of a number of vulnerabilities. However, by design, the CodaBox system was very secure. We were impressed by the level of maturity in their security architecture. We delivered a comprehensive report of our findings, and the CodaBox team were very pleased with our recommendations, as they enabled them to take their security to the next level.