Challenges we encountered during the process
- To exploit the API that disclosed other customers' details and order information.

- To uncover the vulnerabilities in OTP verification authorization.

What's included in the scope of the application?
My orders section:

Exploited the API and was able to fetch previously placed orders and personal details of other users.

OTP verification before placing order:

Bypassed the OTP verification by analyzing the API requests, which had no proper authorization implemented.

How we improved the system after identifying issues
User privacy and trust improved, as users' personal profiles and details are no longer accessible to any unauthorized person.

Protected the application from spam orders by implementing proper authorization on OTP verification.

Words from friends.
Amazing job, everyone. Don't want to speak too soon but this is the best rollout we've ever had, despite this being one of the most complex campaigns to go live with. Thank you all for such hard!
Aya Assi
Head of Trade, OUNASS
Your dedication helped us in delivering success factors as per timelines and deeply appreciate every member of this team for showing relentless effort for this project.
Rakesh Kondreddy
QA Manager, GMG
They say that "a chain is only as strong as the weakest link", but I wouldn't know because this team doesn't have one (I really mean it).
Ziad Sohail
Lead QA Engineer, Al Tayer Group
WERPLAY