Penetration Testing for
a Tickets booking system

The business of online tickets’ booking is characterized as highly overloaded with money transactions and personal data (like phone numbers, home address, credit card credentials, etc).

Besides that, with business growing (the increase of users, transactions, etc) the client was concerned the system might become an easy target during the planned scaling.

The task was complicated with a lack of control over the development team located at different offices. Malicious attacks could come directly from team members, while the risks of losing data were too costly.

Our team decided to perform a web security audit with a focus on vulnerabilities of unauthorized access to the system. Prior to any test actions, the team met with the client and explained what measures will be taken in an attempt to “hack” their system. The effectiveness of defense mechanisms was tested with a number of malicious attacks simulating actual hacking tricks. More to that, we also provided the team with recommendations on how to escalate the company security maturity and prevent any business breaches.