AhaSlides Has Passed Viettel Cyber Security’s Penetration Test

AhaSlides Team, 30 August, 2024

We are thrilled to announce that AhaSlides has aced the all-encompassing Greybox Pentest administered by Viettel Cyber Security. This in-depth security examination targeted our two flagship online platforms: the Presenter app (presenter.ahaslides.com) and the Audience app (audience.ahaslides.com).

The security test, which ran from December 20th to December 27th, 2023, involved meticulous probing for various security weaknesses. The team from Viettel Cyber Security performed a deep-dive analysis and flagged several areas for improvement within our system.

Key Points:

  • Test Period: December 20-27, 2023
  • Scope: In-depth analysis of various potential security weaknesses
  • Result: AhaSlides passed the test after addressing identified vulnerabilities
  • Impact: Enhanced security and reliability for our users

What is Viettel Security's Pentest?

A Pentest, short for Penetration Test, is essentially a mock cyberattack on your system to uncover exploitable bugs. In the context of web applications, a Pentest is an exhaustive evaluation to pinpoint, analyze, and report on the security flaws within an application. Think of it as a stress test for your system's defenses - it shows where potential breaches could occur.

Conducted by the seasoned professionals at Viettel Cyber Security, a top dog in the cybersecurity space, this test is part of their extensive security service suite. The Greybox testing methodology used in our assessment incorporates aspects of both black box and white box testing. Testers have some intel on the internal workings of our platform, mimicking an attack by a hacker who has some prior interaction with the system.

By systematically exploiting various facets of our web infrastructure, from server misconfigurations and cross-site scripting to broken authentication and sensitive data exposure, the Pentest offers a realistic picture of potential threats. It's thorough, encompassing various attack vectors, and is conducted in a controlled environment to ensure no real harm to the systems involved.

The final report not only identifies the vulnerabilities but also prioritizes them by severity and includes recommendations for fixing them. Passing such a comprehensive and rigorous test underscores the strength of an organization's cybersecurity and is a fundamental building block for trust in the digital age.

Identified Weaknesses and Fixes

During the testing phase, several vulnerabilities were found, ranging from Cross-Site Scripting (XSS) to Broken Access Control (BAC) issues. To be specific, the test uncovered vulnerabilities like Stored XSS across multiple features, Insecure Direct Object References (IDOR) in the Presentation deletion function, and Privilege Escalation across various functionalities.

The AhaSlides tech team, working hand-in-hand with Viettel Cyber Security, has addressed all identified issues. Measures like input data filtering, data output encoding, the use of appropriate response headers, and the adoption of a robust Content Security Policy (CSP) have been implemented to bolster our defenses.

AhaSlides Successfully Passed the Penetration Test by Viettel Security

Both the Presenter and Audience applications have successfully passed a comprehensive penetration test conducted by Viettel Security. This rigorous assessment underscores our commitment to robust security practices and user data protection.

The test, conducted in December 2023, employed a Greybox methodology, simulating a real-world attack scenario. Viettel's security experts meticulously evaluated our platform for vulnerabilities, identifying areas for improvement.

The identified vulnerabilities were addressed by the AhaSlides engineering team in collaboration with Viettel Security. Measures implemented include input data filtering, output data encoding, a robust Content Security Policy (CSP), and appropriate response headers to further fortify the platform.

AhaSlides has also invested in advanced monitoring tools for real-time threat detection and response. Additionally, our incident response protocols have been refined to ensure swift and effective action in case of a security breach.

A Safe and Secure Platform

Users can be confident that their data is protected and their interactive experiences remain secure. With ongoing security assessments and continuous improvement, we are committed to building a reliable and secure platform for our users.