Cheqroom

CHEQROOM provides a cloud-based equipment management platform used by organizations to track and manage assets across web and mobile environments. As a growing SaaS provider working with global brands such as Google, Netflix, and VICE, security validation was essential.

Operating on AWS infrastructure, the platform required structured security assessment across:

• API endpoints
• Authentication and registration flows
• User and invitation management
• Inventory management systems
• Subscription plan logic
• Single Sign-On (SSO) and LDAP integrations

For enterprise SaaS platforms handling sensitive operational data, vulnerabilities in APIs or authentication systems can directly impact customer trust and contractual obligations.

CHEQROOM required comprehensive penetration testing to validate its security posture and provide demonstrable assurance to clients.

Cyrex conducted comprehensive white box penetration testing, reviewing CHEQROOM’s internal implementations with full architectural visibility.

The engagement focused heavily on API security and authentication mechanisms, given their central role in SaaS platform integrity.

Our testing included evaluation of:

• Invitation management workflows
• User management logic
• Inventory management systems
• Authentication and registration processes
• Subscription plan handling
• SSO and LDAP integration mechanisms

We assessed access control enforcement, input validation, and business logic protections to ensure secure separation between tenants and user roles.

Through structured testing, Cyrex identified vulnerabilities and provided actionable remediation guidance aligned with SaaS best practices.

Following patch implementation, we conducted:

• Sanity testing
• Regression testing

This ensured vulnerabilities were fully resolved and no new issues were introduced during remediation.