appsecuri

Insurance Company

Business Background

The client is a multinational insurance firm with more than $1 billion in annual turnover. It provides consumer insurance services including life insurance, health insurance, property insurance, casualty insurance and investment management. The application under test was meant for India-based branches only and was used internally by employees to add, delete and update insurance policies.

Objective

Penetration testing before the release of the application.

The Challenge

The main challenge our team faced was a short testing window: the client had a hard deadline to move the application into production. Because the application held highly sensitive customer data and exposed a portal through which internal teams add, change and delete users' policies, the portal had to be free of any high-severity vulnerability that might lead to compromise of the application.

The Solution

Key highlights of the security assessment are as below:

  • Functional mapping of the entire portal, including all endpoints and hidden parameters.
  • Assessment of the efficiency of anti-DDoS solutions.
  • Special attention was given to authentication and the database, as well as zero-day vulnerabilities.
  • Intelligent automation of testing, the industry’s most advanced logical testing approach, and intelligent vulnerability scanning by our elite team of ethical hackers, following the checks listed in the OWASP verification standard plus Appsecuri extras.
  • Vulnerability correlation and removal of false positives.
  • Leveraged the known vulnerabilities to penetrate further into the client’s application architecture and identify the true impact of the vulnerabilities.
  • Report Generation.
  • Reset After Fix.

The Deliverables

  • Daily and weekly status reports
  • Comprehensive information, proof-of-concept examples and detailed exploitation instructions for all the threats and vulnerabilities identified

Outcomes

  • Reduced security breach risks.
  • Reduced risk of reputational damage and associated costs.

Benefits

By conducting thorough security tests and identifying high-severity vulnerabilities, the client gained the following benefits:

Risk Benefits: Appsecuri discovered 4 Critical security issues and 8 High category issues. Appsecuri minimized security risks by also assessing the customer’s infrastructure vulnerabilities and recommended solutions with proven methods to enhance security.

Speedy service: The client was particularly impressed by how soon Appsecuri could carry out the penetration test and how quickly the reports were delivered.

Cost Savings: Appsecuri suggested cost-effective risk-mitigation measures based on the customer’s business requirements, ensuring security and continuity of the business.

Customer Satisfaction: The web application security assessment was conducted with minimum interruption and damage across customer systems to identify security vulnerabilities, impacts and potential risks.

Compliance: As an added bonus, the Client was able to utilize the information gained from this Web Application Security Assessment to easily gain industry certifications and provide a higher level of service to its customers.

Industry


  • Insurance

Challenge


  • Gain complete visibility into network
  • Protect against sophisticated and rapidly-evolving cyber-attacks

Vulnerabilities Found


  • Data accessible without authorization/authentication
  • SQL Injection
  • Application was vulnerable to CSRF attack
  • Application was vulnerable to HTML Injection/XSS
  • DMARC and SPF records missing
  • Frameable response
  • SSL security not enforced
  • Header-based protections missing
  • CORS Bypass and other Logical security issues
