Case Study: How 3Cyber-Sec conducted web service penetration tests and security source code review for ZigZag Global

Dec 2, 2021 | Case Studies

ZigZag Global is one of the recognizable names in the e-commerce industry and one of the leaders in its specific niche – returning products and goods. The company works globally and helps retailers manage their returns thanks to 320 000 different drop-off locations, 450 international carrier services, and 220 warehouses in 135 countries.

The company is positioned on the biggest marketplaces and works with prominent tech and strategic partners like Zendesk, Microsoft Dynamics, EON, Aramex Delivery Unlimited, API2CART, Honeywell, and more. 

For us, it was quite a compliment when ZigZag Global reached out to us at the end of August 2021 with a request for regular cybersecurity checks/penetration testing of their primary system. 

ZigZag Global’s challenge

ZigZag Global had to carry out a cybersecurity check of their system. It was a preventive measure, but also a requirement from one of their primary clients. The company got in touch with 3Cyber-Sec after they received a recommendation about the quality of our services.

The client (ZigZag Global) needed penetration testing of their API infrastructure and a security source code review of the back-end system. During the process, the 3Cyber-Sec team checked over 30 000 lines of source code. “When ZigZag contacted us, they knew that we had the expertise and capacity to carry out such extensive and in-depth research in their system,” shares Todor Kunev, Board advisor of 3Cyber-Sec.

3Cyber-Sec’s Solution 

Together with internal teams from ZigZag Global, we built a custom action plan and completed the following sequence of activities:

  • Studied in detail the description of the systems’ environment and infrastructure provided by ZigZag Global;
  • Built a test environment that was a copy of the production environment, and performed the penetration testing there;
  • Conducted an offline source code review and actively tested the company's API and microservice infrastructure;
  • Prepared and submitted two different reports about our findings;
  • Presented the results to the CTO and head of IT Infrastructure at ZigZag Global.

The biggest challenge in this project was the security source code review due to the large volume of the code we had to go through. Everything went smoothly thanks to the great cooperation of the team of ZigZag Global. 

The outcome  

During our work, we found something that had the potential to jeopardize our client's whole business. We located a new attack vector that could affect the whole operation of ZigZag Global. Due to the scope of the potential threat, the client took immediate measures and the vulnerability was remediated. We also found several bad practices in the code of the microservice infrastructure, which were dealt with.

Thanks to 3Cyber-Sec, a vulnerability that could be exploited by hackers was found and mitigated. Had this not been done, sooner or later hackers would probably have reached the same attack vector that we did. If you also need help with your cybersecurity, feel free to get in touch with us. We will be happy to help.
