The website evolves constantly as it provides users with newer features and quizzes. This constant change at the levels of source code, configuration and integration – makes it vulnerable in several ways. Occasionally the website runs contests wherein winners are rewarded. This makes its rich data bank consisting of questions, answers, feedback, and personal details of its users, extremely vulnerable to hacking. It is important to safeguard all of this and more.
The outcome of the Application Vulnerability and Penetration Testing exercise was an eye-opener for the product owners. While having the web application hosted on Microsoft Azure was a boon, there were certain vulnerabilities exposed pertaining to data transfer which could have posed a serious security threat if exploited by a seasoned hacker. Timely addressing of identified application security gaps ensure that next release of the application was more robust and more tuned to protect the confidential data pertaining to the quizzes and the users.