Flipkart Case Study
Flipkart.com chose iViZ to perform comprehensive security assessments on its web applications,
while reaping savings on time and cost.
iViZ Penetration Testing Helps Flipkart Stay Secure
"iViZ gives zero false positive results, which helps in fixing genuine bugs rather than spending
time chasing around non-existing bugs" - Flipkart
COMPANY PROFILE
Flipkart, which began in 2007, is now, as per Alexa traffic rankings, among the top 30 Indian web
sites and has been credited with being India's largest online bookseller. In 2010 they branched
out to selling CDs, DVDs, mobile phones & accessories, cameras, computers, computer
accessories and peripherals, pens & office supplies, and other electronic items such as home
appliances, kitchen appliances, personal care gadgets, health care products etc. Flipkart has
over 2 million registered users and ships more than 30,000 items per day.
The advantages of becoming one of the most popular e-commerce websites and thus
generating more traffic and revenue through transactions are countered by the disadvantage
that Flipkart is now a recognizable target for hackers.
CHALLENGES
Hackers are always on the prowl for vulnerabilities or bugs in applications that can be exploited.
Cross-Site Scripting (XSS) attacks, Session Hijacking, Clickjacking, SQL injection, Cross-Site
Request Forgery (CSRF) etc. are a few of the methods that hackers can use to gain unauthorized
access to information or applications. Even a small overlooked vulnerability could prove
highly expensive for Flipkart, so they had to consider the following:
• Flipkart, being a market-leading e-commerce business, relies on its web site to function
efficiently and be reliable, with the latest look and feel to set it apart from its
competitors. To keep the web site cutting edge, it needs to update the code regularly;
hence Flipkart wanted a web application penetration testing solution that would give it
the assurance that its applications had no easily exploitable vulnerabilities.
• The testing solution had to be comprehensive and available On-Demand at short notice,
and had to offer detailed reports with support from a human being when and if required.
• Flipkart wanted to have its developers and testers concentrate on their core
competency, which is to fix code, and to outsource the chore of repetitive cycles of testing
to a third party with Web Application Security Testing expertise.
• Flipkart wanted to find a security vendor that could offer an attractively priced Web
Application Penetration Testing package covering unlimited testing cycles without having
to pay each time.
SOLUTION
Flipkart evaluated Web Application Penetration Testing (WAPT) solutions from various vendors.
The breadth of testing coverage and the detailed reports generated by the iViZ penetration
testing solution resulted in its choosing iViZ. Below are some more of the reasons why Flipkart
chose the iViZ Unlimited WAPT Solution:
• iViZ Techno Solutions Pvt. Ltd came up with an offering that was disruptive to its
competitors, as it was able to offer a fixed price for unlimited premium tests.
• Coverage of all 26 WASC classes of vulnerabilities using their patent-pending “Hybrid
Solution” from a cloud-based SaaS platform provides an On-Demand experience at short
notice.
• They have a team of experienced security analysts who can help explain report findings
as well as help with recreating exploits on the vulnerabilities detected.
• They were able to provide reports that had the following key features:
o Guaranteed Zero False Positives, thus allowing the developers to spend time
fixing only actual vulnerabilities present in the application.
o Business Logic Testing by human security analysts, covering issues that cannot be
identified by automated scanners.
o Remediation Recommendations to minimize the risk of attack.
o Proof of Exploits accompanied by Proof of Concept screenshots of the
vulnerabilities to help testers/developers identify and resolve issues.
BENEFITS
An ideal mix of comprehensive testing services, coupled with detailed reports, is helping
Flipkart’s application developers to ensure that their web application is free of
vulnerabilities and bugs.
• Cost Benefit
o As Flipkart’s application is in a constant state of flux in trying to stay ahead of its
competition, iViZ’s Premium package allows them to run unlimited tests on an
application as and when needed at the same price that would be incurred for
two rounds of testing by the traditional consultant approach, thus making this an
extremely cost-effective solution.
• Time Benefit
o The testing report format allows for prioritization of potential threats that need
to be mitigated; this helps Flipkart allocate resources wherever they are
needed the most for resolving issues.
o iViZ’s “Zero False Positives” guarantee allows Flipkart developers and testers to
deal only with legitimate vulnerabilities as confirmed in the report, thus
avoiding any waste of time chasing false positives.
o The reports contain screenshots of the vulnerabilities that have been found,
which helps Flipkart developers to identify and fix loopholes quickly.
o Since it is an on-demand, cloud-based solution, Flipkart saves on
software/hardware Capex and maintenance / in-house consultants Opex
overheads.