SlideShare a Scribd company logo

Cloud Application Security Service

Briskinfosec Technology and Consulting
Briskinfosec Technology and Consulting

We completely secured the cloud application from most common attacks by hardening the default configuration.

Technology
1 of 3
Download to read offline
INDUSTRY Marketing Service Commercial Marketing OWASP, PTES, ISO27001, ITIL, ASVS STANDARDS PRIMARY SECTOR ABOUT CUSTOMER Our Stakeholder is one of the leading Commercial Marketing agents throughout the globe. They are one of the mightiest forces which drive higher sales and market share for consumer goods manufacturers and retailers around the world. They are the nation’s leading agency for food and non-food manufacturers, distributors and other operators across all away-from-home meal channels. More than 12000+ employees are working in the Organization. They are also the sales and marketing powerhouse behind the most recognised brands and a proven resource for top retailers all across the U.S. and Canada providing flexible solutions backed by talent, technology, reach and relationships. They have been the pioneer all over the globe providing their highest ethical standards of service. Largest Marketing Cloud Application Briskinfosec secured TYPE OF SERVICES : Cloud Application Marketing Services CASE STUDY OFFERED SERVICE Penetration Test APAC LOCATION
ASSESSMENT SCOPE To fix the vulnerabilities in the cloud application, the Stakeholder wanted us to conduct a proactive Cloud appli- cation security testing. As the given application was an internal web application, the testing will be done by SAAS (security as a Service). The IP’s of the application was given, and the ultimate goal was to ensure that the cloud application is free from vulnerabilities that may compromise the application. THE SOLUTION Briskinfosec followed standards like Open Web Applica- tion Security Project (OWASP) TOP 10 and Application Security Verification Standards (ASVS) to identify all exposed vulnerabilities in the Website. BriskInfosec’s security team completely tested the Website by using frameworks. Key highlights of the vulnerability fix are as below : | Serious issues related to Input validation and authorisation, session management and cookies handling were identified, and the Development Team fixed the identified bugs. | Platform level vulnerabilities were identified in the cloud application safeguarding the Source code of the application. | We completely secured the cloud application from most common attacks by hardening the default configuration. | We performed vulnerability assessment by both automation and manual method of identifying the issues. | We provided the complete bug fixing document as a reference to your development team. TECHNICAL SECURITY ASSESSMENT REPORT Complete security testing was carried. All the detected issues and the proof of concept( POC ) will be covered with detailed steps in a PDF format. THE DELIVERABLE The reports and remediation information provided were customised to match the Stakeholder’s operational environment and development framework. The following reports were submitted to the customer: Key highlights of the bug fix are as below : ISSUE TRACKING SHEET All the identified issues were captured and will the be subjected for the retest review in a XLS format. | DAILY STATUS REPORT During the process of security testing, issues in cloud application were identified and we shared all identi- fied issues with corresponding recommendation Fix over mail on a daily basis. Our prospect looked at the given valid report (XLS) and started working the fix right from Day 1 as they need not work laboriously on the last day when the entire report is given by the security team thus making their final assessment report easier for preparation. FINAL BUG FIX REPORT Overview of the entire engagement, the issues identified and the recommendations were made to mitigate the same. OWASP ASVS Application security test was executed with the respective of OWASP ASVS (APPLICATION SECURITY VERIFICATION STANDARD) and Issue mapping sheet was shared along with security assessment report. CHALLENGES During vulnerability assessment, there were many challenges faced by our technical team. The challenges are cited below : | Since the application was hosted in cloud, we couldn’t directly access the application. | We had to procure permission from 3rd party groups as they were also a part of it. | We had to get then their authentication and approval for the measurement of not being a stranger accessing their applications but trusted and officially hired security team from Briskinfosec. | Only after this, we had to proceed with the security testing process. | One IP address was mentioned for testing. Only with that IP, our team was allowed to access the cloud applications. | If we used other area’s for testing which isn’t customised under that mentioned IP, then it becomes a breach against ethical service.
B R I S K I N F O S E C TECHNOLOGY AND CONSULTING PVT LTD contact@briskinfosec.com www.briskinfosec.com 044 - 43524537 +91-8608634123 CONCLUSION We educated our Stakeholder on the measures to be taken for remedying the various flaws in their systems and processes. For remediation, we educated them about the necessary procedures such as the monitoring of their cloud applications daily and most significantly emphasising them about the need to tighten their security to cult Quality. We also insisted them to implement Web Application Firewall (WAF) for hardening their firewall and making it stronger. We then advised them to enhance log monitoring for security purposes. Also, we insisted them that their day to day networks to get segregated from the system storing sensitive personal information. Finally, we worked closely with our Stakeholder to improve policies, procedures and employee awareness programmes to increase their security maturity. | Because of this, too much of time was consumed to scan every part of testing process. But with perseverance and sheer grit, Briskinfosec completed the vulnerability assessment and reduced the vulnerabilities. RISK BENEFITS Brisk Infosec diminished security risks by assessing the customer’s infrastructure vulnerabilities and recom- mended solutions with proven methods to enhance security. CUSTOMER SATISFACTION Cloud-based Web-Application security testing was conducted with minimum interruption and damage across other customer systems to identify security vulnerabilities, impacts, and potential risks. COST SAVINGS Brisk Infosec suggested cost-effective measures based on the customer’s business requirements that would ensure security and continuity of the business. SUPPORT We offering 1year support with periodic security assessment review to keep customer stay and secure.

Recommended

Website Security Service.pdf
Website Security Service.pdfWebsite Security Service.pdf
Website Security Service.pdfBriskinfosec Technology and Consulting
 
Web Application Security.pdf
Web Application Security.pdfWeb Application Security.pdf
Web Application Security.pdfBriskinfosec Technology and Consulting
 
webapplication-security-assessment-casestudy
webapplication-security-assessment-casestudy webapplication-security-assessment-casestudy
webapplication-security-assessment-casestudy AbiramiManikandan5
 
Mobile Application Security Service.pdf
Mobile Application Security Service.pdfMobile Application Security Service.pdf
Mobile Application Security Service.pdfBriskinfosec Technology and Consulting
 
Appsecco case studies 2019
Appsecco case studies 2019Appsecco case studies 2019
Appsecco case studies 2019Appsecco
 
Security Testing
Security TestingSecurity Testing
Security TestingPratham Software (PSI)
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Appsecco case studies 2020
Appsecco case studies 2020Appsecco case studies 2020
Appsecco case studies 2020Appsecco
 

Recommended

Website Security Service.pdf
Website Security Service.pdfWebsite Security Service.pdf
Website Security Service.pdfBriskinfosec Technology and Consulting
 
Web Application Security.pdf
Web Application Security.pdfWeb Application Security.pdf
Web Application Security.pdfBriskinfosec Technology and Consulting
 
webapplication-security-assessment-casestudy
webapplication-security-assessment-casestudy webapplication-security-assessment-casestudy
webapplication-security-assessment-casestudy AbiramiManikandan5
 
Mobile Application Security Service.pdf
Mobile Application Security Service.pdfMobile Application Security Service.pdf
Mobile Application Security Service.pdfBriskinfosec Technology and Consulting
 
Appsecco case studies 2019
Appsecco case studies 2019Appsecco case studies 2019
Appsecco case studies 2019Appsecco
 
Security Testing
Security TestingSecurity Testing
Security TestingPratham Software (PSI)
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Appsecco case studies 2020
Appsecco case studies 2020Appsecco case studies 2020
Appsecco case studies 2020Appsecco
 
Introducing safenetix
Introducing safenetixIntroducing safenetix
Introducing safenetixLori Wood
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web applicationTestingXperts
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 
Patient Safety Cloud Solution Brochure
Patient Safety Cloud Solution BrochurePatient Safety Cloud Solution Brochure
Patient Safety Cloud Solution BrochureCovance
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfNathanDjami
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfElanusTechnologies
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Open text security services catalog
Open text security services catalogOpen text security services catalog
Open text security services catalogMarc St-Pierre
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecIBM Security
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through EducationGrant Ongers
 
What is needed to start trusting the security of your applications in the cloud?
What is needed to start trusting the security of your applications in the cloud?What is needed to start trusting the security of your applications in the cloud?
What is needed to start trusting the security of your applications in the cloud?PECB
 
Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseResilient Systems
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)SecPod Technologies
 
Web Application Penetration Testing.pdf
Web Application Penetration Testing.pdfWeb Application Penetration Testing.pdf
Web Application Penetration Testing.pdfBriskinfosec Technology and Consulting
 
Website Penetration Testing Services.pdf
Website Penetration Testing Services.pdfWebsite Penetration Testing Services.pdf
Website Penetration Testing Services.pdfBriskinfosec Technology and Consulting
 

More Related Content

Similar to Cloud Application Security Service

Introducing safenetix
Introducing safenetixIntroducing safenetix
Introducing safenetixLori Wood
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web applicationTestingXperts
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
 
Patient Safety Cloud Solution Brochure
Patient Safety Cloud Solution BrochurePatient Safety Cloud Solution Brochure
Patient Safety Cloud Solution BrochureCovance
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfNathanDjami
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfElanusTechnologies
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Open text security services catalog
Open text security services catalogOpen text security services catalog
Open text security services catalogMarc St-Pierre
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecIBM Security
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through EducationGrant Ongers
 
What is needed to start trusting the security of your applications in the cloud?
What is needed to start trusting the security of your applications in the cloud?What is needed to start trusting the security of your applications in the cloud?
What is needed to start trusting the security of your applications in the cloud?PECB
 
Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseResilient Systems
 

Similar to Cloud Application Security Service (20)

Introducing safenetix
Introducing safenetixIntroducing safenetix
Introducing safenetix
 
7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application7 measures to overcome cyber attacks of web application
7 measures to overcome cyber attacks of web application
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
Patient Safety Cloud Solution Brochure
Patient Safety Cloud Solution BrochurePatient Safety Cloud Solution Brochure
Patient Safety Cloud Solution Brochure
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product Overview
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 
Open text security services catalog
Open text security services catalogOpen text security services catalog
Open text security services catalog
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through Education
 
What is needed to start trusting the security of your applications in the cloud?
What is needed to start trusting the security of your applications in the cloud?What is needed to start trusting the security of your applications in the cloud?
What is needed to start trusting the security of your applications in the cloud?
 
Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident Response
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)
 

More from Briskinfosec Technology and Consulting

Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 

More from Briskinfosec Technology and Consulting (8)

Web Application Penetration Testing.pdf
Web Application Penetration Testing.pdfWeb Application Penetration Testing.pdf
Web Application Penetration Testing.pdf
 
Website Penetration Testing Services.pdf
Website Penetration Testing Services.pdfWebsite Penetration Testing Services.pdf
Website Penetration Testing Services.pdf
 
Web Application Security Service.pdf
Web Application Security Service.pdfWeb Application Security Service.pdf
Web Application Security Service.pdf
 
Threatsploit Adversary Report November
Threatsploit Adversary Report NovemberThreatsploit Adversary Report November
Threatsploit Adversary Report November
 
The Future Is Blockchain Era
The Future Is Blockchain EraThe Future Is Blockchain Era
The Future Is Blockchain Era
 
Comprehensive Guide On Network Security
Comprehensive Guide On Network SecurityComprehensive Guide On Network Security
Comprehensive Guide On Network Security
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

Cloud Application Security Service

  • 1. INDUSTRY Marketing Service Commercial Marketing OWASP, PTES, ISO27001, ITIL, ASVS STANDARDS PRIMARY SECTOR ABOUT CUSTOMER Our Stakeholder is one of the leading Commercial Marketing agents throughout the globe. They are one of the mightiest forces which drive higher sales and market share for consumer goods manufacturers and retailers around the world. They are the nation’s leading agency for food and non-food manufacturers, distributors and other operators across all away-from-home meal channels. More than 12000+ employees are working in the Organization. They are also the sales and marketing powerhouse behind the most recognised brands and a proven resource for top retailers all across the U.S. and Canada providing flexible solutions backed by talent, technology, reach and relationships. They have been the pioneer all over the globe providing their highest ethical standards of service. Largest Marketing Cloud Application Briskinfosec secured TYPE OF SERVICES : Cloud Application Marketing Services CASE STUDY OFFERED SERVICE Penetration Test APAC LOCATION
  • 2. ASSESSMENT SCOPE To fix the vulnerabilities in the cloud application, the Stakeholder wanted us to conduct a proactive Cloud appli- cation security testing. As the given application was an internal web application, the testing will be done by SAAS (security as a Service). The IP’s of the application was given, and the ultimate goal was to ensure that the cloud application is free from vulnerabilities that may compromise the application. THE SOLUTION Briskinfosec followed standards like Open Web Applica- tion Security Project (OWASP) TOP 10 and Application Security Verification Standards (ASVS) to identify all exposed vulnerabilities in the Website. BriskInfosec’s security team completely tested the Website by using frameworks. Key highlights of the vulnerability fix are as below : | Serious issues related to Input validation and authorisation, session management and cookies handling were identified, and the Development Team fixed the identified bugs. | Platform level vulnerabilities were identified in the cloud application safeguarding the Source code of the application. | We completely secured the cloud application from most common attacks by hardening the default configuration. | We performed vulnerability assessment by both automation and manual method of identifying the issues. | We provided the complete bug fixing document as a reference to your development team. TECHNICAL SECURITY ASSESSMENT REPORT Complete security testing was carried. All the detected issues and the proof of concept( POC ) will be covered with detailed steps in a PDF format. THE DELIVERABLE The reports and remediation information provided were customised to match the Stakeholder’s operational environment and development framework. The following reports were submitted to the customer: Key highlights of the bug fix are as below : ISSUE TRACKING SHEET All the identified issues were captured and will the be subjected for the retest review in a XLS format. | DAILY STATUS REPORT During the process of security testing, issues in cloud application were identified and we shared all identi- fied issues with corresponding recommendation Fix over mail on a daily basis. Our prospect looked at the given valid report (XLS) and started working the fix right from Day 1 as they need not work laboriously on the last day when the entire report is given by the security team thus making their final assessment report easier for preparation. FINAL BUG FIX REPORT Overview of the entire engagement, the issues identified and the recommendations were made to mitigate the same. OWASP ASVS Application security test was executed with the respective of OWASP ASVS (APPLICATION SECURITY VERIFICATION STANDARD) and Issue mapping sheet was shared along with security assessment report. CHALLENGES During vulnerability assessment, there were many challenges faced by our technical team. The challenges are cited below : | Since the application was hosted in cloud, we couldn’t directly access the application. | We had to procure permission from 3rd party groups as they were also a part of it. | We had to get then their authentication and approval for the measurement of not being a stranger accessing their applications but trusted and officially hired security team from Briskinfosec. | Only after this, we had to proceed with the security testing process. | One IP address was mentioned for testing. Only with that IP, our team was allowed to access the cloud applications. | If we used other area’s for testing which isn’t customised under that mentioned IP, then it becomes a breach against ethical service.
  • 3. B R I S K I N F O S E C TECHNOLOGY AND CONSULTING PVT LTD contact@briskinfosec.com www.briskinfosec.com 044 - 43524537 +91-8608634123 CONCLUSION We educated our Stakeholder on the measures to be taken for remedying the various flaws in their systems and processes. For remediation, we educated them about the necessary procedures such as the monitoring of their cloud applications daily and most significantly emphasising them about the need to tighten their security to cult Quality. We also insisted them to implement Web Application Firewall (WAF) for hardening their firewall and making it stronger. We then advised them to enhance log monitoring for security purposes. Also, we insisted them that their day to day networks to get segregated from the system storing sensitive personal information. Finally, we worked closely with our Stakeholder to improve policies, procedures and employee awareness programmes to increase their security maturity. | Because of this, too much of time was consumed to scan every part of testing process. But with perseverance and sheer grit, Briskinfosec completed the vulnerability assessment and reduced the vulnerabilities. RISK BENEFITS Brisk Infosec diminished security risks by assessing the customer’s infrastructure vulnerabilities and recom- mended solutions with proven methods to enhance security. CUSTOMER SATISFACTION Cloud-based Web-Application security testing was conducted with minimum interruption and damage across other customer systems to identify security vulnerabilities, impacts, and potential risks. COST SAVINGS Brisk Infosec suggested cost-effective measures based on the customer’s business requirements that would ensure security and continuity of the business. SUPPORT We offering 1year support with periodic security assessment review to keep customer stay and secure.