
PPM software for Bubble

Bubble is a top-rated SaaS solution for project and portfolio management that helps organizations shape their activities around strategic goals and improve delivery teams’ productivity.

3 months' cooperation. Services: security audit, QA.

Challenge

Bubble was looking for a team with broad cybersecurity knowledge and expertise as the company needed to conduct a security audit of its two existing platforms to reveal potential vulnerabilities. iTechArt managed to meet the requirements and was engaged to help Bubble’s in-house team build cyber resilience from the inside out to allow them to operate confidently moving forward.

Solution

Even though the testing was black-box, our team revealed a number of issues on two platforms: Bubble Innovator and Bubble Project and Portfolio Management. After testing, we delivered two security audit reports that Bubble needs in order to demonstrate its high level of platform security to its clients.


iTechArt’s experts ran two rounds of penetration testing to ensure all threats were properly addressed within the OWASP methodology. The most critical risks included:

  • Cross-site scripting flaws leading to potential session hijacking, phishing and keylogging.
  • Password-guessing attacks, since the IP address block didn’t function properly.
  • Missing secure cookie flags, which would otherwise prevent cookies from being observed by unauthorized parties.
  • Outdated libraries increasing the likelihood of cross-site scripting flaws.

Both platforms required the implementation of security best practices and misconfiguration errors needed to be fixed. iTechArt’s team provided special recommendations and a roadmap for addressing every issue.
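As an added illustration of the cookie-flag finding above (example code, not iTechArt's or Bubble's), the following checker takes raw Set-Cookie header values, as captured in an interception proxy such as Burp Suite or ZAP, and reports the flags a reviewer expects to see; the sample headers and the list of session-cookie names are constructed.

```python
"""Audit Set-Cookie headers for the flags a web security review expects.

Constructed example, not the audited platforms' code. Input is a raw
Set-Cookie header value, e.g. "sessionid=abc; Path=/; Secure; HttpOnly".
"""
from typing import Dict, List

# Hypothetical list of cookie names treated as session cookies.
SESSION_NAMES = ("sessionid", "jsessionid", "phpsessid", "connect.sid")


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split 'name=value; Attr; Attr=val' into a dict with lower-cased attribute names."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"__name__": name.strip(), "__value__": value.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_cookie(header: str) -> List[str]:
    """Return the findings for one Set-Cookie header; an empty list means no issue."""
    c = parse_set_cookie(header)
    name = c["__name__"]
    findings = []
    if "secure" not in c:
        findings.append(f"{name}: missing Secure flag (cookie is also sent over plain HTTP)")
    if "httponly" not in c:
        findings.append(f"{name}: missing HttpOnly flag (readable by injected script, e.g. via XSS)")
    samesite = c.get("samesite", "").lower()
    if not samesite:
        findings.append(f"{name}: missing SameSite attribute (relies on browser default)")
    elif samesite == "none" and "secure" not in c:
        findings.append(f"{name}: SameSite=None requires Secure, browsers reject the cookie")
    if name.lower() in SESSION_NAMES and ("expires" in c or "max-age" in c):
        findings.append(f"{name}: session cookie is persisted to disk via Expires/Max-Age")
    return findings


# Constructed sample headers: the weak form, the hardened form, and a SameSite edge case.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h, "->", audit_cookie(h) or ["ok"])
```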

Stack

Vulnerability scanner
  • sandmap
  • WhatWeb
  • Vulners web scanner

TLS check tools
  • sslcheck

Network scanner
  • nmap

OSINT tools
  • shodan

Other
  • Python scripts
  • Bash scripts
  • AWS CLI

Dynamic app security testing
  • BurpSuite
  • Zed Attack Proxy
