Closing four attack paths before they reached a Gulf retailer’s customers
A leading Gulf retail conglomerate · Retail · Security
- 4 attack paths found + remediated
- IDOR and email-enumeration risks closed
- 100% revalidated via retesting
The context
As a Gulf electronics retailer expanded its digital operations, the security and resilience of its e-commerce platform became critical.
The challenge
- Exploitable vulnerabilities risking sensitive-data exposure.
- Compliance violations, financial and reputational risk.
What we did
A comprehensive penetration test (OWASP Top 10 2021, WASC 40) using Burp Suite, Nikto and Nmap, with structured revalidation of fixes.
- Identified four significant attack paths plus security misconfigurations.
- Hardened tokens and API access, modernised the password policy, eliminated data exposure in URLs.
- Resolved critical flaws (including IDOR) during revalidation.
“They found four real attack paths into our platform before anyone else could — and walked us through fixing every one. That’s peace of mind you can’t fake.”
Stack & tooling
OWASP / WASC · Burp Suite · Nikto · Nmap