VAPT Report - March 2025

This is to certify that SecIQ Technologies has performed Vulnerability Assessment and Penetration Testing (VAPT) from 27-Feb-2025 to 06-Mar-2025 for the uKnowva API Integration Applicants Surepass Verification Module.

Executive Summary

Scope of Testing:

The scope of this penetration testing was limited to the Applicants Surepass Verification Module of the uKnowva API Integration. The objective was to assess security vulnerabilities within this module and ensure compliance with OWASP security guidelines.

Findings & Summary:

The application was tested against OWASP security standards, and the following vulnerability was identified, fixed, and verified during the retesting phase:

Business-Critical Risks

The following security vulnerability was observed and resolved during the assessment:

  • Unauthenticated API (Broken Access Control - A01:2021):

An API endpoint was accessible without proper authentication, which could have led to unauthorized access. This issue was categorized as Low risk and was closed after the necessary security measures were applied.

The above application was tested for compliance with OWASP security guidelines, and all identified issues have been fixed and verified as part of the retesting process.

Assessment Approach

The assessment was conducted using a grey-box approach, simulating an authenticated user’s perspective. The following phases were included in the assessment:

1. Application Profiling / Reconnaissance:
Understanding the application’s functionality, behavior, and design to identify potential vulnerabilities.

2. Business Logic Testing:
Evaluating the workflows for security flaws related to logical implementation.

3. Manual Exploitation:
Using manual testing techniques to identify vulnerabilities beyond automated scans.

4. Vulnerability Assessment:
Scanning the application with open-source and commercial security tools to detect known vulnerabilities.

5. Report Generation & Review:
Documenting findings, verifying fixes, and ensuring compliance with security best practices.

 
