Advisory Financial Services Client Story

Helping Uncover Critical Application Vulnerabilities

A major capital lender turned to Security Compass for recommendations and guidance on a cost-effective, scalable process that could help them identify critical vulnerabilities which were not being found by automated scanners.

Global
Financial Services

Practice Areas
  • Architecture Review and Threat Modelling
  • Web Application Security Assessment


Our Client’s Challenge:

  • Critical vulnerabilities were being missed by our Client’s automated scanners. Our Client had a security program with scheduled security assessments that leveraged automated scanners to identify surface-level vulnerabilities, but critical vulnerabilities were not found.
  • Manual source code review could help reveal critical business logic flaws, but such reviews required experts, were time-consuming, and were expensive to perform in-house.
  • Unclear on the ideal solution to help identify critical vulnerabilities without disruption to their existing process, the Client turned to Security Compass for assistance.

Our Approach:

  • Working with our Client to understand their concerns, we concluded that Security Compass’s version of threat modelling, Threat Model Express, was a solution that could best address the challenges.
  • Compared to traditional threat modelling, Threat Model Express is a quick, cost-effective solution that can identify the high-risk components of an application. The assessment helps prioritize the areas which are most critical to focus on for deeper assessments and can be completed in as little as 1-3 days.
  • Results from Threat Model Express are used to perform targeted vulnerability assessments against the most critical application business workflows to help uncover deeper vulnerabilities not found by automated scanners.

The Result:

  • Over 90% of vulnerabilities identified as part of this program were not identified in previous automated tests.
  • In a short time, Security Compass helped uncover critical vulnerabilities missed by automated scanners across numerous applications, helping reduce the most critical risks. This was done without any disruption to our Client’s existing processes.
  • Recommendations and training sessions were delivered on how to remediate critical vulnerabilities, and guidelines were created for our Client to perform the new process going forward on their own.
  • This scalable process was integrated into ongoing security activities without disruption to existing business operations and was successful in reducing risk and overall project cost.
  • The result was a reduction in critical business logic risks across the Client’s application profile and was a key driver in helping improve their overall security posture.

By leveraging results from a quick and cost-effective method of threat modelling called Threat Model Express, Security Compass was able to help our Client focus in on the most critical application business workflows. Our Client was able to reduce major business logic risks and discover vulnerabilities not identified by automated scans.
