These are some of Appsecco's case studies from 2018 to showcase the breadth of work we typically undertake and the results we achieve for our clients. They range from helping a leading investment bank up-skill their security team to working with an international ed-tech company redesign they way the develop software to the complete penetration test of a ship! Don't hesitate to contact us if you would like to discuss any of them in more detail or to learn more about how Appsecco can help you on your security journey. Appsecco is a specialist application and cloud security company with physical presence in London, Bangalore and Boston, providing industry leading advice that is firmly grounded in commercial reality.

1. Appsecco Case Studies 2019
Some of our work from 2018

2. Complete security assessment
One of the largest ERP software manufacturers in the world required a
time-bound security assessment of their software and the infrastructure on
which the software would be hosted
We performed a comprehensive security assessment, providing an
attacker’s view from the Internet, as a local user on their network and as a
user of the product, uncovering multiple security issues
We worked with the client’s team to incorporate our recommendations
and mitigations into their product, providing assurance to our client and
their customers
Case study – ERP

3. Security team training
We were contacted by a top 10 global investment bank with a requirement
to provide bespoke training for their security team
We developed a training course to address their specific security training
requirements and delivered it on-site to their team in two day sessions
The training was very well received by attendees and has led to further
training requirements with the client on a regular basis
Case study – financial services

4. Security assessment of a mobile app
One of the USA’s leading education content providers wanted to verify the
security of their iOS mobile app that was going to be used in multiple
universities
Despite previously having undergone security testing, we found multiple
security weaknesses that could allow cross-user data access and trivial
business logic bypasses
With our support the client was able to fix the vulnerabilities found and
produce a version that was properly secure
Case study – enterprise software

5. Secure DevOps process consulting
One of the largest ed-tech companies in Asia contracted us to
improve their development and IT operations processes to provide data
security assurance
We worked with them to completely restructure their dev & IT ops to
create a modern Secure DevOps practice, from a hard separation of
production infrastructure, to automated secure deployment and security
dashboard creation
Our work has enabled the client to focus on their business requirements,
knowing that their data security is monitored and maintained 24/7
Case study – education

6. Security assessment of a ship
One of North America’s largest shipyards wanted to verify the security of
multiple networks of a vessel they had built, to provide assurance to their
client it was secure against cyber attack
We carried out external black box penetration testing and as an attacker
on-board with local LAN access. We were able to compromise the vessel’s
network, gaining shell access to the systems via their VoIP software
Our findings enabled our client to inform their software vendor of the
issues found and fix and secure their product, and the vessel overall,
accordingly
Case study – marine

7. Mobile app and backend web services
One of India’s largest logistics providers asked us to evaluate their mobile
app and backend web services for security weaknesses
A comprehensive vulnerability assessment was conducted and, despite our
our best efforts, the mobile app and its backend were securely built and
withstood our attacking attempts
Our client was assured of the security of their mobile app and was able to
focus on building bigger and better things, secure in the knowledge their
approach to security was right
Case study – logistics

8. Security architecture review
A leading e-commerce company contacted us to help identify security risks
in their e-commerce platform, especially around financial fraud
We performed a comprehensive threat modelling and security architecture
review to map different aspects of the platform along with applicable
threats and corresponding countermeasures
Our work brought new insight to the client and helped them shift their
security strategy to a proactive stance, allowing them to implement
effective security controls instead of responding to security vulnerabilities
Case study – online retail

9. Thick-client software testing
A leading provider of specialist security reconnaissance software contacted
us to test one of their desktop products for vulnerabilities, to provide
security assurance to their clients
We conducted a product security assessment of their desktop client,
associated server components and the data transport layer
Our testing revealed some issues that needed to be addressed, we worked
with the client to fix and mitigate these and provided them with a final
report to share with their clients to provide the assurance they sought
Case study – desktop software

10. Security consulting
A global leader in HR services contracted us for help mitigating critical
vulnerabilities in their infrastructure, discovered as part of an external
penetration test exercise
We worked with their internal IT team to provide actionable support and
advice to resolve the issues found, via a secure communications and
knowledge management portal which we implemented
Our work enabled them to quickly mitigate critical security issues, make
informed decisions on security product selection and use our portal to
retain that knowledge within their organisation
Case study – HR services

11. Due diligence insight
One of the UK’s largest listed property services companies wanted to
understand if there were any immediate security issues with a financial
services acquisition they were planning to make
We conducted a product security testing and an assessment of the target’s
overall security posture to highlight any issues the acquirer needed to be
aware of before completing the deal
We uncovered multiple issues with the application that enabled rogue
users to manipulate financial data which the client took into account as
part of their diligence process
Case study – M&A

12. Organisational security assurance
One of Europe’s largest independent digital agencies contacted us to
understand how secure their organisation's infrastructure was against
attack
We conducted a black box infrastructure penetration test and were able to
discover a number of security issues that could lead to organisational and
client data compromise
We worked with the agency to provide guidance in resolving the issues
found and ensure that they were fixed to provide the security assurance
they and their clients required
Case study – marketing and communications

13. Website testing
An existing client, a leading retailer with over 1,800 locations in Europe,
contacted us to re-test the security of their updated online presence
We carried out a black box penetration test of their e-commerce platform,
and associated infrastructure, and we were able to report that, aside from
some minor issues, it had been developed and deployed to a good
standard of security
It was great to see that the work we’d previously done with the client’s
technical team had paid off and that their updated application had been
built well and was secure
Case study – retail

14. To learn more about the work we do and how we can
help you be more secure, contact us:
contact@appsecco.com www.appsecco.com +44 20 3137 0558
LONDON | BANGALORE | BOSTON | DOHA

15. About Appsecco
Pragmatic, holistic, business-focused approach
Specialist Application Security company
Highly experienced and diverse team
Black Hat trainers
Def Con speakers
Assigned
multiple CVEs
Certified
hackers
OWASP chapter
leads