OWASP-based security audit for Belgian technology firm's web platform.
Country: Belgium
Client Industry: Software
Background
XEye Security was contracted by a Belgium-based technology company to perform a structured penetration test on their primary web application. The client required a deep-dive analysis based on OWASP Top 20 risks, supported by reproducible tutorials and technical documentation aligned with OSCP reporting standards. The goal was to uncover exploitable weaknesses and empower the development team with hands-on remediation guidance.
Challenges
1. Cross-site scripting and insecure deserialization vulnerabilities
2. Public access to sensitive endpoints due to misconfigured access controls
3. Inadequate input sanitization on registration and login forms
4. Lack of visibility through incomplete server-side logging
Solution
1. Conducted OSCP-style penetration testing with documented toolchains
2. Delivered findings using Markdown-based reporting for developer reference
3. Created reproducible exploitation steps for internal training use
4. Strengthened input handling, session policies, and endpoint access control
Results
1. All critical vulnerabilities resolved within 10 working days
2. Web application passed internal compliance and peer review
3. Client empowered with reusable vulnerability testing framework
4. Scheduled re-assessment established for long-term security management