Leading culinary marketplace boosts security with comprehensive assessments

The client aimed to strengthen the security posture of their digital solutions, ensuring the protection of user data and transaction security, especially during peak load periods.

N-iX helped the client conduct annual security assessments of their digital solutions, focusing on external interfaces and business logic implementation while identifying security flaws, vulnerabilities, and misconfigurations.

Our security professionals conducted comprehensive penetration testing using the black-box technique. We followed the OWASP Web Security Testing Guide checklist to ensure that no critical areas were missed. The checklist covers various aspects of web security, including authentication, session management, input validation, etc.

Additionally, we set up an automated security audit for the AWS environment using Scout Suite and implemented Two-Factor Authentication (2FA) for fund withdrawals and changes to sensitive information. We ensured that all data-handling practices comply with GDPR requirements.

Finally, N-iX specialists developed a custom admin system with role-based permissions for content and event management, partner onboarding, and statistical monitoring.

1. Apache Airflow serves as a job orchestration tool.
2. Amazon EMR runs queries against the source table and stores the results in Amazon S3.
3. Amazon SNS is automatically triggered when a file lands in S3, then invokes a Lambda function.
4. The Lambda function triggers batch transform jobs, powered by Amazon SageMaker.
5. Amazon SageMaker provides model hosting, deployment, and inference.
6. The output data is stored in Amazon S3.
7. The Tableau report is generated based on the output data.
8. A Docker image is created for the Sagemaker transform job processing and hosted on Amazon ECR.
9. All Sagemaker logs are stored in AWS CloudWatch.

• Conducted regular security assessments with detailed reports containing collected data, identified security vulnerabilities, and recommended mitigation measures;
• Enhanced security with timely remediation and risk mitigation;
• Streamlined and improved the accuracy of the security testing process by following OWASP best practices.