CAKE by VPBANK
BeFinancial engaged CyStack to perform a Penetration Test of their applications. The purpose of this project is to identify security weaknesses, determine the impact to Cake by VPBank, document all findings in a clear and repeatable manner, and provide remediation recommendations. The project commenced on 05/09/2022 requiring five (5) security researchers. On 25/10/2022, CyStack performed a retesting that confirmed the effectiveness of the applied mitigations. All issues with direct security impact have been addressed by BeFinancial.
Overview
| Products | Completion date | Status |
|---|---|---|
| 25 tháng 10 năm 2022 | Completed |
Total finding
N/AIssues
N/A Resolved
CriticalN/A
HighN/A
MediumN/A
LowN/A
InfoN/A
Assessment Checklist
AI Application Security
Algorithmic Biases
Application-Level Denial-of-Service (DoS)
Automotive Security Misconfiguration
Blockchain Infrastructure Misconfiguration
Broken Access Control (BAC)
Broken Authentication and Session Management
Client-Side Injection
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Cryptographic Weakness
Data Biases
Decentralized Application Misconfiguration
Developer Biases
External Behavior
Indicators of Compromise
Insecure Data Storage
Insecure Data Transport
Insecure OS/Firmware
Insufficient Security Configurability
Lack of Binary Hardening
Misinterpretation Biases
Mobile Security Misconfiguration
Network Security Misconfiguration
Physical Security Issues
Privacy Concerns
Protocol Specific Misconfiguration
Sensitive Data Exposure
Server Security Misconfiguration
Server-Side Injection
Smart Contract Misconfiguration
Societal Biases
Unvalidated Redirects and Forwards
Using Components with Known Vulnerabilities
Zero Knowledge Security Misconfiguration
Other
Deliverables
Final Report
Completion Certificate
