Business Background
The client is a multinational insurance firm with more than $1 billion in annual turnover. Our customer provides consumer insurance services including life insurance, health insurance, property insurance, casualty insurance and investment management. The application in question was meant for India-based branches only and was used internally by employees to add, delete and update insurance policies.
Objective
Penetration testing before the release of the application.
The Challenge
The main challenge our team faced was a short testing window, because the client had a hard deadline to move the application into production quickly. The application contained highly sensitive customer data, along with a portal that internal teams use to add, change and delete users' policies, so it was very important that the portal be free from any high-severity vulnerability that might lead to compromise of the application.
The Solution
Key highlights of the security assessment are listed below:
- Functional mapping of the entire portal, including all endpoints and hidden parameters.
- Assessment of the efficiency of anti-DDoS solutions.
- Special attention was given to authentication and the database, as well as to zero-day vulnerabilities.
- Intelligent automation of testing, the industry's most advanced logical testing approach, and intelligent vulnerability scanning by our elite team of ethical hackers, following the checks listed in the OWASP verification standard plus Appsecuri Extras.
- Vulnerability correlation and removal of false positives.
- Leveraged the known vulnerabilities to further penetrate the Client's application architecture and identify the true impact of the vulnerabilities.
- Report Generation.
- Reset After Fix.
The Deliverables
- Daily and weekly status reports.
- Comprehensive information, proof-of-concept examples and detailed exploitation instructions for all the threats and vulnerabilities identified.
Outcomes
- Reduced security breach risks.
- Reduced risk of reputational damage and associated costs.
Benefits
By conducting thorough security tests and identifying high-severity vulnerabilities, the Client gained the following benefits:
Risk Benefits: Appsecuri discovered 4 Critical security issues and 8 High category issues. Appsecuri also minimized security risks by assessing the customer's infrastructure vulnerabilities and recommended solutions with proven methods to enhance security.
Speedy service: The Client was particularly impressed by how soon Appsecuri could carry out the penetration test and how quickly the reports were delivered.
Cost Savings: Appsecuri suggested cost-effective risk-mitigation measures based on the customer's business requirements, ensuring security and continuity of the business.
Customer Satisfaction: Web-Application Security Assessment was conducted with minimum interruption and damage across customer systems to identify security vulnerabilities, impacts, and potential risks.
Compliance: As an added bonus, the Client was able to utilize the information gained from this Web Application Security Assessment to easily gain industry certifications and provide a higher level of service to its customers.