Portfolio Details


ZeroDay offers a range of cybersecurity services for firms across the industry.


    Web Application VAPT for Trendora Fashion

    Trendora Fashion Pvt. Ltd., a growing Indian e-commerce brand specializing in clothing and accessories, approached ZDShield after noticing unusual login spikes, failed order confirmations, and unstable checkout performance during peak hours. The client was concerned about the safety of customer data and wanted a complete Web Application VAPT based on OWASP standards.

    ZDShield conducted a detailed assessment using Burp Suite, OWASP ZAP, Nmap, SQLMap, and custom scripts. Our testing covered the authentication flow, payment workflow, order management APIs, session handling, and server configuration. During the assessment, we identified critical vulnerabilities including an IDOR flaw in the order details API, which allowed attackers to access any customer’s order information by manipulating parameters. We also discovered a SQL injection in the search feature that could expose sensitive database contents, along with a weak password reset mechanism that made account takeover possible. Several high-risk issues were also found, such as an exposed AWS S3 bucket, lack of brute-force protection, and outdated plugins with known CVEs. Medium-level risks included missing security headers, unsecured cookies, directory listing, and disclosure of internal server details.

    If exploited, these vulnerabilities could have resulted in major financial and reputational damage for Trendora Fashion, including customer data theft, order manipulation, website defacement, and potential database compromise. The overall risk level prior to intervention was classified as High.


    ZDShield collaborated with the client’s development team to implement all required fixes. We strengthened API access controls, enforced parameterized SQL queries, hardened the AWS S3 bucket, added rate limiting to the login endpoint, secured session cookies, enabled essential security headers like HSTS and CSP, and removed vulnerable outdated plugins. After a full remediation cycle and retest, all critical and high-severity issues were confirmed resolved.
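To illustrate two of the fixes named above (access control on the order details API and parameterized queries for search), here is an added example; it is not ZDShield's or the client's code. The schema, function names and sample rows are constructed for illustration, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data: two customers' orders and a small catalogue.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT);
        INSERT INTO orders VALUES (1001, 1, 'Denim jacket'), (1002, 2, 'Leather belt');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1, 'Denim jacket'), (2, 'Leather belt'), (3, 'Silk scarf');
    """)
    return db

def get_order_unscoped(db, order_id):
    """'Before' shape: the lookup trusts the client-supplied order id alone,
    so any authenticated user can read any order (the IDOR condition)."""
    return db.execute(
        "SELECT id, item FROM orders WHERE id = ?", (order_id,)
    ).fetchone()

def get_order(db, session_customer_id, order_id):
    """'After' shape: ownership is part of the query. session_customer_id must
    come from the server-side session, never from a request parameter."""
    return db.execute(
        "SELECT id, item FROM orders WHERE id = ? AND customer_id = ?",
        (order_id, session_customer_id),
    ).fetchone()

def search_products(db, term):
    """Parameterized search: the term is bound as data, never concatenated
    into the SQL text. LIKE wildcards in user input are escaped as literals."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = db.execute(
        "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id",
        (f"%{escaped}%",),
    )
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print(get_order(db, 1, 1001))   # customer 1 reading their own order
    print(get_order(db, 1, 1002))   # customer 1 requesting customer 2's order
    print(search_products(db, "belt"))
```

Returning the same "not found" result for a missing order and for someone else's order avoids confirming which order ids exist.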

    Following our intervention, Trendora Fashion saw measurable improvements, including a significant reduction in brute-force attempts, improved website stability, and faster, more secure checkout performance. Their security posture improved from “High Risk” to “Secure,” and the client has since partnered with ZDShield for quarterly VAPT and ongoing security monitoring.


      ZeroDay Data Security is a next-generation cybersecurity company dedicated to protecting businesses from modern digital threats.
      We help startups, SMEs, enterprises, e-commerce brands, fintech companies, agencies, and SaaS platforms stay secure with real, practical, and proactive cybersecurity.
