Contact us Our risk response
BLOG
Services
Bespoke software development
CTO as a Service
Improvement workshop
Product discovery workshop
Audit and Assessment Services
How we work
Team augmentation
Project-based delivery
About us
Services
How we work
Portfolio
Blog
About Us
Contact Us
bubble_portfolio_01

PPM software for Bubble

Bubble is a top-rated SaaS solution for project and portfolio management that helps organizations shape their activities around strategic goals and improve delivery teams’ productivity

3
MONTHS'
COOPERATION
SECURITY AUDITQA
bubble_portfolio_02 Challenge

Bubble was looking for a team with broad cybersecurity knowledge and expertise as the company needed to conduct a security audit of its two existing platforms to reveal potential vulnerabilities. iTechArt managed to meet the requirements and was engaged to help Bubble’s in-house team build cyber resilience from the inside out to allow them to operate confidently moving forward.
Solution

Despite the testing being black boxed, our team managed to reveal a number of issues on two platforms: the Bubble Innovator and Bubble Project and Portfolio Management platforms. Post testing, we delivered two security audit reports that Bubble will need to demonstrate their high level of platform security to their clients.

bubble_portfolio_03
bubble_portfolio_04

iTechArt’s experts ran two rounds of penetration testing to ensure all threats were properly addressed within the OWASP methodology. The most critical risks included:

  • Cross-site scripting flaws leading to potential session hijacking, phishing and keylogging.
  • Password-guessing attacks as the IP address block didn’t function properly.
  • A lack of secure cookie flags preventing cookies from being observed by unauthorized parties.
  • Outdated libraries increasing the likelihood of cross-site scripting flaws.

Both platforms required the implementation of security best practices and misconfiguration errors needed to be fixed. iTechArt’s team provided special recommendations and a roadmap for addressing every issue.

Stack

Vulnerability
scanner
  • sandmap
  • WhatWeb
  • Vulners web scanner
 TLS check
tools
  • sslcheck
 Network
scanner
  • nmap
 OSINT
tools
  • shodan
  • shodan
 Other
  • Python scripts
  • Bash scripts
  • AWS CLI
 Dynamic app
security testing
  • BurpSuite
  • Zed Attack Proxy

Featured works

Webinfinity Marketing and AdTech arrow
ClassPass Fitness and Wellness arrow
Curve FinTech arrow
Webinfinity Marketing and AdTech
ClassPass Fitness and Wellness
Curve FinTech
contact us
.
contact us
.
We will use your e-mail for the purpose of contacting you
Close
We use cookies to make our site more enjoyable and relevant for you. By clicking “Accept all” you agree to the use of all cookies on our site. To change your cookies preferences, please click Manage cookies. For more information click cookies policy.