Services
Bespoke software development
Workshop
Improvement workshop
Product discovery workshop
 
CTO as a Service
Emergency IT support
Audit and Assessment Services
How we work
Portfolio
About us
Contact Us
Bubble / Security audit Project management bubble_portfolio_01

PPM software for Bubble

Bubble is a top-rated SaaS solution for project and portfolio management that helps organizations shape their activities around strategic goals and improve delivery teams’ productivity

3
MONTHS'
COOPERATION
SECURITY AUDITQA
bubble_portfolio_02 Challenge

Bubble was looking for a team with broad cybersecurity knowledge and expertise as the company needed to conduct a security audit of its two existing platforms to reveal potential vulnerabilities. iTechArt managed to meet the requirements and was engaged to help Bubble’s in-house team build cyber resilience from the inside out to allow them to operate confidently moving forward.
Solution

Despite the testing being black boxed, our team managed to reveal a number of issues on two platforms: the Bubble Innovator and Bubble Project and Portfolio Management platforms. Post testing, we delivered two security audit reports that Bubble will need to demonstrate their high level of platform security to their clients.

bubble_portfolio_03
bubble_portfolio_04

iTechArt’s experts ran two rounds of penetration testing to ensure all threats were properly addressed within the OWASP methodology. The most critical risks included:

  • Cross-site scripting flaws leading to potential session hijacking, phishing and keylogging.
  • Password-guessing attacks as the IP address block didn’t function properly.
  • A lack of secure cookie flags preventing cookies from being observed by unauthorized parties.
  • Outdated libraries increasing the likelihood of cross-site scripting flaws.

Both platforms required the implementation of security best practices and misconfiguration errors needed to be fixed. iTechArt’s team provided special recommendations and a roadmap for addressing every issue.

Stack

Vulnerability
scanner
  • sandmap
  • WhatWeb
  • Vulners web scanner
 TLS check
tools
  • sslcheck
 Network
scanner
  • nmap
 OSINT
tools
  • shodan
  • shodan
 Other
  • Python scripts
  • Bash scripts
  • AWS CLI
 Dynamic app
security testing
  • BurpSuite
  • Zed Attack Proxy

Featured works

Unlimint Salesforce CRM FinTech arrow
Infogrid Management space IoT arrow
ClassPass Wellness Fitness arrow
Unlimint Salesforce CRM FinTech
Infogrid Management space IoT
ClassPass Wellness Fitness

Contact us

We will use your e-mail for the purpose of contacting you
We use cookies to make our site more enjoyable and relevant for you. By clicking "Accept" you agree to the use of all cookies on our site. To change your cookies preferences, please click Edit Settings. We use cookies to make our site more enjoyable and relevant for you. By clicking "Accept" you agree to the use of all cookies on our site. To change your cookies preferences, please click Edit Settings. Edit Settings Accept

Manage Analytics Cookies Includes: Google Analytics, Linkedin Analytics On Off