The Client
One of Europe’s largest and fastest-growing online payment gateways, providing a range of payment processing services for businesses selling online and processing payments valued in excess of £20 billion per annum on behalf of more than 10,000 merchants.
The Challenge
The client required Web Application, Web Service (API), Mobile and Infrastructure Penetration Testing of their personal payments platform.
The requirement was for a multi-part test which needed to be delivered in separate phases. The web application provides administration and payments functionality for end user clients along with an API that is used by the platform’s Android and iOS mobile applications. Infrastructure for the software is hosted in a datacentre on our client’s own equipment.
The Solution
4ARMED provided CREST Certified Security Testers to conduct the different parts of the engagement. Utilising 4ARMED’s comprehensive methodology, which fully meets PCI DSS requirement 11.3, the penetration testing for this client involved a manual test that included the use of professional tools in addition to some custom code development in order to fully integrate with the API and deliver comprehensive web service coverage.