French version French version Sitemap Sitemap Private AccessLogin
IT Security

" French bank Portail "


> Case study : Penetration tests against an online bank portail

We have perform global penetration test against an online bank portal with an anonymous and real customer credentials.

Our analysis reveals some major vulnerabilities like :

  • Confidential informations theft
  • Ability to perform malicious credit transfers
  • Phishing vectors attack

Instances of detected vulnerabilities :

    > Confidential informations theft
    • Read access of several customer accounts
    • Read access of detailed User confidential datas
    > Fraudulent transfers credits
    • Negative transfert credits request to another valid account.
    • Transfert credit request out of the limit autorized by the application.
    > Phishing
    • The application allows to send emails from the bank website.
    • Arbitrary Code Injection on the website.
    • Automatic User credentials theft.



>Xmco Partners methodology

Our method evaluates the Security risks of IT and online applications.

The goals are to identifiy the vulnerabilities and classify the risks to give you preventive actions adapted to your business.

Our technical tests follow a delimited process to focus on the main critical vulnerabilities :



Our methodology takes care about the open methodologies OSSTMM and OWASP known all over the world for their efficiency

Contact us

Intrusion banque

Points forts Xmco Other critical Pentests performed:

+ Online Bank

+ Insurance Portal

+ Car rental booking

+ Bouchers Website

+ Online bets website