Methods to Bypass OTP in Mobile Apps: Successful VAPT Scenarios
Introduction
Resecurity conducted hundreds of VAPT (Vulnerability Assessment and Penetration Testing) engagements for customers of different sizes and profiles—ranging from Fortune 100 corporations to emerging start-ups looking to test their cybersecurity controls before going live. Interestingly enough, regardless of the maturity of the company, issues related to API and authorization were identified in many cases, especially when the application had been developed by a third party.
This white paper describes the most common issues identified during successful tests, in which our specialists identified critical vulnerabilities and recommended a path to mitigate them, thereby preventing the damage a real-life attack exploiting these vulnerabilities could cause, such as a data breach or a leak of customer data.
These vulnerabilities have been identified in numerous mobile apps and SaaS-based applications serving a large number of customers. Failing to patch them in a timely manner may lead to significant risks, especially in the fintech sector, where attackers may exploit such flaws for fraudulent operations, bypassing MFA and leveraging customer accounts for their own benefit.
To read the complete article, see: Methods to Bypass OTP in Mobile Apps: Successful VAPT Scenarios