Case Study: HostUp

HostUp is a Swedish cloud provider that offers Virtual Private Servers (VPS), shared hosting, domain name management and monitoring. The engagement involved a black-box security assessment to simulate an external attack and identify vulnerabilities in the customer panel’s API.

The project’s objective was to perform a thorough review of the panel’s authentication logic, access control, and overall security. Our assessment included a series of checks for various vulnerabilities, such as injection flaws (email, markdown and code), file upload vulnerabilities, and metadata leaks. We also verified the implementation of two-factor authentication (2FA) and performed a comprehensive review against the OWASP Top 10 security vulnerabilies. The engagement concluded with a detailed report outlining the findings and providing a list of best practices.