Home / Blog / Pentest carried out by Netitude for World Delete
Company

Pentest carried out by Netitude for World Delete

2025-10-215 min read

The pentest carried out by Netitude for World Delete delivers an in-depth assessment that identifies current, critical, priority technical risks.
This report presents verified conclusions that guide strategic decisions through clear analysis and the rigorous methodology recently applied.

The resulting documentation makes it easier to understand the vulnerabilities detected and sets corrective priorities based on solid evidence.
World Delete gains valuable information that drives continuous improvements, strengthening organizational security through the processes assessed during the audit.

General summary of the pentest carried out by Netitude for World Delete

The pentest carried out by Netitude for World Delete aimed to evaluate the security of our web application World Delete App. This audit was conducted in January 2023 over four consecutive days and was executed as part of our ongoing commitment to data protection, incident prevention and the continuous improvement of our internal systems.

During the assessment, vulnerabilities of different categories were identified, including flaws in access controls, weaknesses in authentication mechanisms and risks associated with the file upload functionality. These findings posed threats to the confidentiality of user data, the integrity of the platform and the overall stability of our services.

Netitude concluded that there were critical areas requiring immediate attention. The team delivered a detailed technical report with specific recommendations for each vulnerability detected. Thanks to this information, we were able to prioritize corrective actions according to their level of impact and urgency.

In addition to strengthening our infrastructure, this audit reaffirmed our preventive approach to cybersecurity. The external evaluation validated our commitment to transparency and our responsibility in properly managing the data entrusted to us by our users.

World Delete's reasons for undergoing a pentest

The decision to carry out a pentest arose from the need to ensure that our application met the most demanding security standards. We knew that, when handling sensitive information such as personal data and removal requests, it was essential to operate with robust, reliable infrastructure aligned with international best practices.

Before facing any real incident, we wanted to identify weaknesses that an attacker might try to exploit. This preventive assessment allowed us to anticipate risks, reinforce essential components and significantly reduce the possibility of unauthorized access or data leaks.

We also sought to validate our existing security practices. Having an external provider such as Netitude allowed us to obtain an objective, professional assessment based on recognized methodologies and up to date technical criteria. This helped us correct weaknesses, but also confirm which internal practices were already working correctly.

Finally, we considered it important to demonstrate to our most demanding users that security is not an abstract concept but a tangible commitment backed by concrete actions. The pentest was a key decision to strengthen the platform's trust and credibility.

Technical environment evaluated during the pentest carried out by Netitude

The analysis focused on our web application environment, one of the pillars of our digital operation. Netitude ran the tests from the outside, without prior privileged access, simulating the behavior of a real attacker attempting to discover vulnerabilities without valid credentials.

The team evaluated our authentication mechanisms, access control, file uploads, session management and interaction between user profiles. This thorough review made it possible to identify inconsistencies in permission assignment and detect routes that could be exploited without proper validation.

The information gathered during this phase was essential to understanding which points of the system were most sensitive. Based on these results, we defined a clear technical plan to correct the weaknesses detected and improve the platform's protection layers.

Main vulnerabilities identified and their criticality

The audit identified thirteen vulnerabilities classified as four critical, three high and six medium. This classification made it easier to prioritize corrective actions.

The most serious flaws were related to access controls. Two endpoints allowed sensitive information to be viewed without authentication, including encrypted passwords, calendars and photographs. This exposure represented a significant risk to user privacy and security.

Problems were also detected in file uploads, which allowed unnecessary and potentially dangerous formats to be uploaded. Combined with other vulnerabilities, this gap could be used to carry out targeted attacks or distribute malicious content.

The authentication weaknesses included insufficient password policies and the absence of lockout mechanisms after failed attempts. Although some roles had multi-factor authentication, there was room for improvement in the overall protection of accounts.

Impact of the pentest on access controls

One of the most significant findings was the exposure of private information through unprotected endpoints. This revealed the need to review all permission logic, both in the user interface and in our internal APIs.

In response, we redesigned the validation flows, applied stricter restrictions and closed routes that could be queried without authentication. These improvements significantly reduced the risk of improper access.

Assessment of file uploads and risks detected during the pentest

Netitude identified that the platform allowed the upload of file types that were not essential and could pose a risk. This increased the possibility of attacks through executable files or malicious content.

We reacted by strictly restricting the permitted formats and applying additional filters. These improvements prevented possible exploitation attempts and strengthened a crucial component of the application.

Findings on authentication and sessions after the pentest carried out by Netitude

The analysis revealed deficiencies in password management, the absence of limits on failed attempts and prolonged sessions without proper expiration. These factors could facilitate unauthorized access.

We implemented stricter policies, reinforced passwords, added automatic lockouts and extended multi-factor authentication to relevant roles. These improvements notably raised the level of security.

Technical recommendations derived

The main recommendations included:

  • Review and strengthen access controls.

  • Strictly limit and secure file uploads.

  • Reinforce authentication and session policies.

All of these actions were integrated into a remediation plan currently underway.

Next steps after the pentest carried out by Netitude

The consultants recommended holding a technical debrief, verifying the correct application of access controls, securing file uploads and scheduling a final retest to validate the corrections.

Certification process through the pentest

The pentest carried out by Netitude represented a significant step forward in our security maturity. Its findings allowed us to correct weaknesses, improve processes and increase the trust of our users. We will continue to perform periodic evaluations to maintain a secure, robust platform aligned with the best practices in the sector.

Ready to clean up your online presence?

Our team reviews your case for free and tells you exactly what can be removed and how.

Start free analysis