The client is an American multinational pharmaceutical corporation headquartered in New York City, and is among the world's largest pharmaceutical companies by revenue.
The client approached us with issues around application vulnerability due to aggressive deployment deadlines and incorrect coding. It was concerned with addressing challenges related to ever-changing attack vectors, regulations like HIPAA and GDPR, and supporting latest trends like wearable devices, where attack vectors are unknown.
We devised a solution that comprised of the following:
• Factory model process to complete scoping, automated scanning, manual testing, and reporting within five business days
• OWASP top 10 and CWE/ SANS top 25 based standardized test plan to cover heterogenous environments like web, mobile, wearable devices, and latest security standards
• SharePoint based portal for web-based reporting, trending vulnerability data, and remediation tracking
• Portal where users can request testing service, which also collects detailed data of the application thereby eliminating the need to coordinate with users for data collection
Our innovative solutions allowed the client to experience the following benefits:
• Vulnerabilities in the system were detected before any criminal attacks could take place
• The risk posed by malicious insiders, accidental insider threats, and attackers that may breach perimeter controls were reduced considerably
• Regulatory compliant applications were deployed
• Web-based reporting of all identified exploits and remediation status was set up