
Helping Uncover Critical Application Vulnerabilities

A major capital lender turned to Security Compass for recommendations and guidance on a cost-effective, scalable process that could help them identify critical vulnerabilities which were not being found by automated scanners.


Practice Areas
  • Architecture Review and Threat Modelling
  • Web Application Security Assessment

Our Client’s Challenge:

  • Critical vulnerabilities were being missed by our Client’s automated scanners. Our Client had a security program with scheduled security assessments that leveraged automated scanners to identify surface-level vulnerabilities, but critical vulnerabilities were not found.
  • Manual source code review could help reveal critical business logic flaws, but such reviews required experts and were time-consuming and expensive to perform in-house.
  • Unclear on the ideal solution to help identify critical vulnerabilities without disruption to their existing process, the Client turned to Security Compass for assistance.

Our Approach:

  • Working with our Client to understand their concerns, we concluded that Security Compass’s version of threat modelling, Threat Model Express, was a solution that could best address the challenges.
  • Threat Model Express is a quick, cost-effective solution, compared to traditional threat modelling, able to identify high risk components of an application. The assessment helps prioritize the areas which are most critical to focus on for deeper assessments and can be completed in as little as 1-3 days.
  • Results from Threat Model Express are used to perform targeted vulnerability assessments against the most critical application business workflows to help uncover deeper vulnerabilities not found by automated scanners.

The Result:

  • Over 90% of vulnerabilities identified as part of this program were not identified in previous automated tests.
  • In a short time, Security Compass helped uncover critical vulnerabilities missed by automated scanners across numerous applications, helping reduce the most critical risks. This was done without any disruption to our Client’s existing processes.
  • Recommendations and training sessions were delivered on how to remediate critical vulnerabilities and guidelines were created for our Client to perform the new process going forward on their own.
  • This scalable process was integrated into ongoing security activities without disruption to existing business operations and was successful in reducing risk and overall project cost.
  • The result was a reduction in critical business logic risks across the Client’s application profile and was a key driver in improving their overall security posture.

By leveraging results from a quick and cost-effective method of threat modelling called Threat Model Express, Security Compass was able to help our Client focus on the most critical application business workflows. Our Client was able to reduce major business logic risks and discover vulnerabilities not identified by automated scans.


Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial institution seeking support on regulatory compliance and penetration testing activities, or a startup looking for high-quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.