KKeensafeCompliance

Compliance overview

15Open findings
3Critical
12Frameworks tracked
15Currently open

Coverage by framework

FrameworkDomainFindings touching
ISO/IEC 27001:2022ISMS14
MITRE ATT&CKAdversary TTPs8
NIST SP 800-53 r5Federal controls7
OWASP Top 10 (2021)Web7
PCI DSS v4.0Cardholder data6
OWASP API Security Top 10 (2023)API6
NIST Cybersecurity Framework 2.0Risk5
SOC 2 Type IITrust services4
CIS Controls v8.1Hardening2
GDPR (EU 2016/679)Privacy2
KVKK (Türkiye 6698)Privacy2
DORA (EU 2022/2554)Operational resilience1

Open findings

IDTitleServiceSeverity
f-001SQL injection in /login (online.keensafeglobalbank.com)internet-bankingcritical
f-002BOLA / IDOR in /api/v1/accounts/{id}public-apihigh
f-003SSRF in /api/v1/fetchpublic-apihigh
f-004Stealer-log credential reused on /admin/loginadmin-panelcritical
f-005Weak JWT — alg=none acceptedinternet-bankinghigh
f-006Path traversal in /files/download and /api/v1/exportinternet-banking + public-apihigh
f-007Stored XSS in admin notes and support commentsadmin-panel + support-portalmedium
f-008Mass assignment — PUT /api/v1/users/{id} accepts rolepublic-apihigh
f-009Wide-open CORS on api.keensafeglobalbank.compublic-apimedium
f-010Sensitive backup zip exposed at /backup/corporate-webhigh
f-011Prompt injection / system-prompt leakage on chatbotllm-chatbothigh
f-012Hard-coded admin / admin123 + MFA accepts 0000admin-panelcritical
f-013Audit log tampering — DELETE /audit-logs/{id}admin-panelhigh
f-014GDPR / KVKK over-disclosure — customer records via /customer-lookupsupport-portalhigh
f-015Leaked AWS keys in build logs (Jenkins) and SDK samplesjenkins + developer-portalhigh