End-to-End Managed Security Operations for a SaaS-Based Transport Platform

Client Background

A major transport technology provider operating multiple web platforms and mobile applications (Android & iOS) partnered with us to strengthen their security posture, establish continuous system monitoring, and conduct security testing for their websites and applications.

Challenge

The client required real-time visibility across their infrastructure, continuous endpoint security, and recurring vulnerability assessment and penetration testing (VAPT) to secure their rapidly evolving transport applications. Their environment needed a reliable SOC partner capable of early threat detection, quick response, and identifying vulnerabilities before they could impact users.

Our Approach

We implemented a cloud-based SIEM and established a 24×7 SOC operation with continuous alert monitoring and accurate triage of true and false positives. We provided ongoing incident response guidance and managed vulnerability and patch workflows across all endpoints to maintain system integrity. Along with SOC services, we conducted continuous Web, Mobile Application, and Infrastructure VAPT for all transport applications. These assessments covered backend services, APIs, cloud storage, Android and iOS builds, and internal operational dashboards, ensuring every release and feature update was tested for security gaps.

Key Findings

Through recurring VAPT cycles, we identified multiple critical vulnerabilities: unauthenticated access to the Spring Boot Actuator that exposed heap dump memory, broken access controls allowing unauthorized access to admin functionality, unauthenticated access to Prometheus metrics, and deactivated employee accounts that could still log in. In the mobile applications, we found unauthorized access to VoIP subscriber data and tokens, possible SSL pinning bypasses, stored XSS in chatbot flows, CORS misconfigurations, and unrestricted file uploads via the S3 PUT method. These issues were addressed promptly through coordinated remediation support.

Outcome

With ongoing SOC operations and continuous VAPT, the client now benefits from complete security visibility, faster incident detection, and proactive identification of vulnerabilities across all web and mobile platforms. Their transport ecosystem remains secure with every update and release, supported by our dedicated monitoring, testing, and remediation partnership.