Why read this report
The client is a leading software engineering service provider running successfully for the past five years. Their mobile and web applications empower businesses to perform better amongst competitors.
With the recent launch of their employee and customer engagement enhancing tool, the client realized the significance of cybersecurity. Primarily, they aspire to secure their applications before deploying them and follow the industry’s best practices and standards.
This report provides an overview of the security capabilities and the identified vulnerabilities in the client's web and mobile applications. The evaluation also assessed the client's compliance with the applicable security laws, regulations and industry standards. It presents a way for CISOs and CIOs to assess their own organization's security posture.
Key takeaways:
- Conduct quality evaluations for all web applications using external penetration testing.
- Organize Whitebox penetration testing for mobile applications.
- Assess whether the client has discrepancies with industry standards or other regulatory compliance.
CASE STUDY
2 STEPS TO EVALUATE A SAAS PROVIDER'S SECURITY STANCE
Situation
Having provided web and mobile applications for years, the client faced challenges with the security of one of its recently launched tools. The tool uses the communication and behavioral patterns of employees and customers to improve the engagement rate. The client's concern was to evaluate whether its recent and previously developed applications are aligned with the industry's best practices and standards.
The client approached EC-Council Global Services to analyze the web and mobile applications for unidentified flaws and their potential impact. The assigned team was also expected to detect any non-compliance with industry standards and laws.
Solution
To meet the client's goals, a team of senior consultants at EC-Council Global Services came together to develop an assessment plan. The plan was then put into immediate action.
- The team used specialized tools and techniques for carrying out quality evaluations and reviews.
- Daily reports of critical findings based on the Common Vulnerability Scoring System (CVSS) severity ratings were provided to the client.
- The client was notified about the critical vulnerabilities that could lead to significant negative impacts on their business.
- The results were further enhanced by checking whether the client complies with the industry's best practices and security guidelines, such as those published by OWASP.
Services delivered
The services that were offered in this project include:
- External Web Application Assessment (Whitebox)
- Mobile Application Assessment (Whitebox)
- Source Code Review
Recommendation
Based on the final result, the EGS team provided the client with an overview of the security capabilities and identified the vulnerabilities of their web and mobile applications.
The recommendations for the client were divided into two groups:
- tactical recommendations for immediate improvement and
- long-term strategic recommendations for improvement.
Findings were also categorized into low, medium, high, and critical severity ratings, and the team provided the client with comprehensive remediation procedures for each.
Results
A final report was presented to the client, along with a prioritized list of recommendations for each finding identified during the assessment process.
Acting on these recommendations, the client was able to patch:
- 9 percent of critical severity findings, and
- 27 percent of high severity findings.
Engage with EGS: Gain greater confidence in your cybersecurity decisions by working with EC-Council Global Services’ thought leaders to apply our solutions to your specific business and technology initiatives.
Posture Assessment Survey
An independent expert assessment of the current state of your information security environment is conducted against global standards and leading industry practices to measure the overall cybersecurity maturity of your organization.
FREE Phishing Simulation
To assess your organization's human error vulnerabilities, take OhPhish's FREE subscription to run simulated phishing attacks and get a detailed, actionable report.
Vulnerability Assessment & Penetration Testing (VAPT)
EGS offers a broad range of network infrastructure, web application, and mobile application security assessment services designed to detect and gauge security vulnerabilities. Take the FREE VAPT for up to 10 external IPs, worth USD 5000, and get a customized report!
Related Research Documents/Links
https://blog.eccouncil.org/programmers-thinking-like-hackers-is-this-the-new-norm-for-secure-applications/
https://blog.eccouncil.org/what-every-application-developer-needs-to-know-about-sdlc/
https://www.eccu.edu/what-makes-web-applications-desirable-for-hackers-how-to-protect-yours/
https://www.eccu.edu/making-the-web-secure-by-design/
https://www.eccu.edu/alpha-and-omega-of-a-secure-software-development-life-cycle/