Penetration Testing
Internet banking – whitebox tests (web application + source code review)
The goal of the engagement was to perform security tests of new features implemented in an
Internet banking web application. The scope of the penetration test covered a source code
review and testing of the web application. Among other findings, a Local File Inclusion
vulnerability was identified: any user of the web application was able to read local files,
including application configuration files with credentials to other subsystems. The flaw was
found during the source code review and was confirmed in the working application.