Overview
The client is an online marketplace that facilitates local buying and selling activities within communities. With a robust platform offering various services, including listing items for sale, browsing, and completing transactions via mobile applications or the website, the client caters to a diverse user base. Payment options such as cash, credit card, and Apple Pay provide flexibility and convenience to users. The client bolstered security by leveraging ACL Digital's expertise and aligning with OWASP Top 10 guidelines, reducing vulnerability to breaches.
Challenges
API calls and stack vulnerabilities, potentially exposing it to unauthorized access or injection attacks
Price tampering leading to financial losses and reputation damage
Hardcoded keys, secrets, and tokens allowing unauthorized access to sensitive data and compromising system integrity
Vulnerabilities associated with Log4j leading to remote code execution and data breaches
Benefits
By leveraging ACL Digital’s expertise and implementing solutions aligned with the OWASP Top 10 guidelines, the client:
- Strengthened its security posture and resilience against potential security breaches
- Enhanced user trust and confidence in the marketplace environment
- Mitigated risks associated with API vulnerabilities, price tampering, hardcoded keys, and Log4j CVEs
- Fostered a safer and more secure ecosystem for buyers and sellers, thereby safeguarding the reputation and integrity of the online marketplace
