Case Study: Website Security Testing For A Financial Company
Security Brigade Logo
Services | Products | Compliance | Training | Home | Clients | Contact Us
Menu
Services
Products
Training
Compliance
Whitepapers
Case-Studies
News
Media
Contact Us

Clients / Partners

Search
Website Security Testing for a Financial Company

Our Client’s Needs

The client was upgrading its web-portal to a newer version that would incorporate a sleek new Ajax based interface. The client wanted to ensure the security of its application and its customer’s data. Data security and confidentiality was of paramount importance thorough this project and the end-goal was to assess the security posture of the web application and determine any vulnerabilities that may exist.

Scope of Engagement

The Client decided on conducting an External Web Application Testing of the new web-portal and its web-services. Our scope included: Web Applications.

Methodology

Taking in-consideration the Client’s requirements, Security Brigade’s consultants identified the best methodology that would cater to the Client’s goals. The process determined was a unique combination of Open-Source, Commercial and In-house Proprietary software.

A thorough analysis was carried out while meeting industry and legal requirements, while collecting evidence that could be used for future legal action against the attackers.

Deliverables

The final report detailed all of the potential vulnerabilities and the successful exploits. After the attack phase was complete, Security Brigade personnel provided a security recommendations document to assist the client’s technical staff in improving their technical security posture and their information security policies. We also provided an executive summary to client’s senior management to assist them in their risk management decision making process.

Value Delivered

Our Web Application Testing Service allowed the Client to assess the security posture of the new Information Sharing system and the systems directly connected to it. Furthermore the Client gained the following benefits:

  • Risk Benefits: Security Brigade assisted the clients in minimizing the risks faced by the new web-portal. Furthermore they were able to thwart some potentially very serious issues that would have compromised the security of their customer’s sensitive information.
  • Cost Savings: Security Brigade suggested cost-effective risk-mitigation measures based on the customer’s business requirements that would ensure security and continuity of the business. Furthermore, we were able to identify and remediate vulnerabilities that could have been used by malicious users for financial gain. The Client was able to avoid massive financial loss through some logic based vulnerabilities.
  • Customer Satisfaction: Web Application Testing was conducted with minimum interruption to identify security vulnerabilities and potential risks.
  • Successful Business Execution: With a complete security engagement, the Client was able to launch their new web-portal in a huge way and successfully make it one of the leading financial portals today.
  • Avoided Compliance Violation: Our Client was able to avoid and remediate vulnerabilities that would have caused serious violations of Compliance and Regulatory obligations.

Copyright 2006 Security Brigade