How a Salesforce Misconfiguration Exposed A Major Financial Hub’s Records to the Public – Financial Institution – VAPT


The client is a leading financial center facilitating trade and investment flows between 72 countries with a combined GDP of USD 8 trillion. It served business entities ranging from multinational enterprises and government-owned entities to wealthy family businesses and rising startups. This client base made its customers (and systems) targets of choice. The Salesforce web application was a focal point of its enterprise operations, functioning as a centralized database. The data it held included confidential and personally identifying information, such as identity verification documents, financial records, licenses, passports, and visa permits. Securing it necessitated vulnerability assessment and penetration testing.

Solution – Fintech VAPT Case Study

Team Kualitatem was given permission to put the application through a rigorous vulnerability assessment and both internal and external penetration testing. The engagement used open-source intelligence (OSINT), network scans, and network attacks such as LLMNR/NBT-NS poisoning, man-in-the-middle, token impersonation, Kerberoasting, pass-the-hash, and golden ticket. Our toolkit included software such as Burp Suite Pro, Kali Linux, Metasploit, and Nikto, along with a set of custom scripts developed exclusively by our information security engineering team.

Services Offered by Kualitatem:

Vulnerability Assessment and Penetration Testing
