Security Analysis for an international Travel Booking Portal

Description

To avoid disruptions in the production system, applications are often examined for vulnerabilities in a test environment. In a pentest project for an international travel agency, this was not possible. So we discussed possible restrictions during the test with the customer in more detail.

We needed to pay special attention to the booking process for special offers, as only certain test bookings could be cancelled free of charge. As an example, only travels from a specific agency should be used during the test; the start of the travel should be some month in the future and the travel identifier should have been in a specific format. After we have collected the IDs of all test bookings we needed to make and sent them to our contact person within a deadline, there have never been any complications in all these years. Especially when we encounter customer-specific testing restrictions, we prefer to take one more manual step than lose sight by involving too many automatic testing tools.

back to projects
  • Penetration Testing
  • Travel
  • Booking