Client Overview
Our client is a top consent management platform that assists websites in complying with cookie laws such as GDPR, CCPA, and LGPD.
Because they serve many users and integrate with the major content management systems, securing user information and remaining compliant with stringent privacy requirements are their highest priorities.
Challenges Faced by the Client
Managing consent for millions of websites involves unique security challenges. The most pertinent were:
- Carrying out continuous security assessments to close gaps that could otherwise compromise user data or compliance.
- Verifying and managing the incoming vulnerability reports from the global bug bounty program in a timely and effective way, using a structured triage approach.
- Sustaining a high rate of feature releases and updates without compromising security.
What We Brought To The Table
Wattlecorp’s certified cybersecurity experts delivered a comprehensive security program, built from the ground up to address the client’s unique security challenges.
- Real-Time Vulnerability Scanning: Performed black box and grey box testing to detect, assess, and fix security vulnerabilities in the web applications.
- Configuration Reviews: Reviewed the cloud, application server, and network designs to identify and correct misconfigured settings.
- Bug Bounty Validation: Thoroughly checked every report submitted to the client’s bug bounty program, verified each vulnerability, confirmed its risk prioritisation, and ensured reports were closed out with timely remediation.
Technical Details
Stage 1 – Security assessment and analysis
We started with a comprehensive vulnerability assessment of the environment, followed by a configuration review to establish the baseline of the platform’s security. Through systematic vulnerability scanning and penetration testing we then secured the client’s infrastructure and application against the potential vulnerabilities, insecure practices, and misconfigurations identified. This was confirmed by the client’s own technical team.
Stage 2 – Bug bounty validation and exploitation
As researchers submitted vulnerabilities through the bug bounty program, we validated each report, prioritised the critical issues by impact, and provided precise remediation recommendations so they could be resolved faster.
Recommendations
To strengthen the platform’s security, we recommended the following:
- Immediate patching and updates to address vulnerabilities.
- Enhanced monitoring and logging to detect anomalies.
- Tightened cloud configurations to restrict access and improve security.
- Secure coding awareness sessions for the development team to reduce future vulnerabilities.
The Results
With Wattlecorp’s support, the client significantly improved their security posture:
- Identified vulnerabilities were promptly fixed, minimising risks to user data.
- Cloud configurations were optimised to eliminate misconfigurations.
- The bug bounty validation process became faster and more efficient, ensuring critical reports were prioritised and resolved quickly.