Ola City
From Nov 05th, 2020 to Aug 23rd, 2021, Ola City Company engaged CyStack to evaluate the security posture of its infrastructure compared to current industry best practices that included an external penetration test. All testing performed is based on the NIST SP 800- 115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
Audit Projects > Ola City
Audit Report - Ola City
Type of audit
Vulnerability Management
Language
N/A
Testing method
continuous_test
Request date
2020-11-04T17:00:00.000Z
Revision date
2021-08-22T17:00:00.000Z
Status
completed
Target distribution
About Ola City JSC
Ola City is a performance-based advertising platform (Performance Marketing Platform) where businesses can promote their products and services to millions of customers at the lowest cost, bringing the highest efficiency
Type
platform
Platform
N/A
Owner
Ola City JSC
Industry
blockchain
Assessment Checklist
Application Deployment and Configuration
Ensure server configuration, network infrastructure, web applications, files are handled correctly and securely.
User Identity Management
The application manages user identities well and does not cause problems in all use cases.
Authentication mechanism
Make sure the application's authentication mechanism has a reasonable logic, preventing the possibility of authentication bypass.
Decentralization mechanism
Check for privilege escalation, decentralization, or path traversal vulnerabilities.
Session management mechanism
Check for errors related to cookies and sessions.
Input data validation mechanism
Check for Reflected XSS, Stored XSS, SQL injection and other injection errors.
Error control ability
Ensure errors are handled properly and do not expose sensitive information through error notifications.
Encode
Test the application's encryption algorithms.
Business logic of the application
Check application integrity, conflict, and responsiveness.
Client-side issues
Check for security flaws that can be exploited from the client side.
About projects.vulnerability-management Service
projects.about_vulnerability-management