Overview
Gift Management Asia Pte. Ltd. (Giift) drives the largest and most progressive global loyalty marketplace – a gateway to a new reality in loyalty. The Giift marketplace is a network where loyalty programs and customers from anywhere in the world converge, interact, and engage. Our client noticed a significant number of issues and wanted us to locate every single one, ensuring the platform is bug‑free from the start and delivers a seamless user experience.
Executive Summary
Giift, a global loyalty marketplace, engaged TestUnity to conduct comprehensive security testing of its web platform. Our team defined testing scope, secured authorization, used reliable tools, validated all findings, delivered a detailed report, and ensured PCI‑DSS & GDPR compliance. The result: critical vulnerabilities identified, regulatory compliance achieved, and a trusted partnership formed.
The Challenge
Giift had numerous security issues across its loyalty marketplace. The goal was to identify every vulnerability, ensuring the platform was secure from the start. Key challenges included:
- Complex attack surface – Sensitive loyalty data and partner integrations.
- Compliance requirements – PCI‑DSS and GDPR mandates.
- Time‑sensitive deadlines – Third‑party timelines demanded quick testing.
The Solution
TestUnity performed web application penetration testing (VAPT) with a systematic approach:
- Scope definition – Identified all attack vectors with Giift’s team.
- Authorization secured – Proper permissions before testing.
- Reliable tools – Minimized false positives/negatives.
- Validation of findings – Ensured accuracy and exploitability.
- Comprehensive reporting – Detailed report with recommendations.
- Compliance assurance – PCI‑DSS and GDPR followed.
The Approach
- Reconnaissance – Mapped architecture and entry points.
- Vulnerability scanning – Automated detection of common flaws.
- Manual exploitation – Real‑world attack simulation.
- Reporting & remediation – Actionable fixes and retesting.
📊 Key Results
- Critical vulnerabilities identified – Enabled proactive mitigation.
- Security posture assessed – Effectiveness of controls evaluated.
- Regulatory compliance achieved – PCI‑DSS and GDPR met.
- Cost savings – Early detection prevented costly incidents.
- Trusted partnership – Positive engagement and delivery.
“TestUnity came to our defense with their team of talented and professional Cybersecurity experts and their full package of Cyber Security engineering services and solutions. Their team not only did a splendid job close out last minutes requirements but also went above and beyond to support us to make sure we meet third party timelines. They ensured positive engagement and successful partnership throughout the project with their communication, timeliness, and skills. We would recommend TestUnity as a trusted partnership.”
Download Success Stories
Latest QA Blogs
Accessibility Testing Guide: WCAG, Tools & Best Practices for 2026
In today’s globally connected digital economy, building software that is usable by everyone is no longer a niche consideration—it is a fundamental requirement for ethical design, legal compliance, and market success. Accessibility testing is the specialized practice of evaluating digital products—websites, applications, and software—to ensure they can be used effectively by people with a wide range of […]
All that you need to know about Accessibility Testing
Every business wants to increase the reach of its software application to as many users as possible. Yet, so many applications never attain their potential, just because the design or implementation of the application didn’t have every type of end-user in mind. Is your testing approach keeping your application from being accessible to all? What […]
Get In Touch
Connect with us directly
Our credentials
