Advisory Retail Client Story

Managed Penetration Testing Across Hundreds of Applications Company-Wide

A Fortune 100 retail, media and entertainment conglomerate turned to Security Compass for help performing company-wide, managed penetration testing across hundreds of applications.

Global
Retail, Entertainment

Practice Areas
  • Security Program Management and Execution
  • Application Risk Profiling
  • Web Application Security Assessment
  • Mobile Application Security Assessment
  • Desktop Application Security Assessment


Our Client’s Challenge:

  • Our Client wanted to improve their application security posture enterprise-wide across global business lines and application groups.
  • They did not have a standardized verification methodology for application testing. Ownership of security was dispersed across the organization for hundreds of customer-facing applications.
  • Because a single application involved a variety of stakeholders, the logistics of preparing for a security assessment, such as project management and obtaining buy-in from key stakeholders, were a big challenge, compounded by a small internal security team.
  • Our Client sought Security Compass’s expertise to help develop a testing framework that could allow for a consistent, methodological approach to security testing and reduce risk across the entire enterprise application profile.
  • They were generally unsure of how many applications and systems were deployed across the organization and needed to get a sense of their level of risk exposure.

Our Approach:

  • Security Compass engaged with key stakeholders and performed a thorough review of our Client’s business units and strategic objectives. This developed into a partnership model with our Client’s security team.
  • Security Compass would assist with technical expertise and delivery, allowing the Client to focus on vulnerability management and strategic direction. Our partnership achieved acceptance with key stakeholders as Security Compass worked side-by-side as part of our Client’s security assessment team.
  • Security Compass supported logistical and project management efforts by setting up timelines and communicating deliverable dates. For each application, we executed penetration testing in coordination with our Client’s application teams, helping corporate security stay focused on overall risk management activities.
  • As our Client did not have a full risk profile of applications in their organization, Security Compass first performed surface scans of external-facing applications to identify and then prioritize the highest risk applications.
  • Once the external application profile was understood, the program was expanded to internal applications. Focused penetration tests were then performed against the highest risk applications, slowly building a risk profile across known assets and allowing our Client’s risk management and remediation team to take over.

The Result:

  • Security Compass provided vulnerability-focused risk profiles of all externally identified web applications. This helped our Client build a manageable external application profile to track future application risks, along with actionable vulnerability data to reduce the immediate risks facing the organization.
  • Through a close working relationship and partnership approach, Security Compass helped our Client raise awareness amongst internal business teams to communicate the importance of this application security effort. We were able to help establish a bridge between the corporate security team and the application teams.
  • Our Client was able to understand application risk profiles and develop relationships with key application stakeholders. As a result of partnering with Security Compass, they became armed with a robust framework for risk profiling and penetration testing which could be used on their own and built upon in the future.

By partnering with Security Compass to develop a penetration testing program and framework to assess hundreds of applications, our Client was able to understand the risk profiles of applications across global business units, giving them the data and experience necessary to build out a comprehensive application security program.
