Application Security Audits
Large Retail Bank
Business Challenge
Business and financial pressures to quickly deploy new applications forced application developers to speed up the process of creating and launching new applications. As with many firms, the need for speed and reduced costs led to some unintentional "corner cutting" on security quality assurance that resulted in serious security flaws. Software development managers, pushed to focus on functionality, performance and speed of deployment, paid little attention to the impact of security flaws on their new applications. In the end, several critical applications were found vulnerable to common security flaws that the bank was forced to repair after production deployment, at a cost that the National Institute of Standards and Technology (NIST) estimates is at least 30 times higher than when fixed prior to production deployment.
Solution
Acumen Solutions' AppSecure™ services help avoid costly security breaches by identifying security holes in applications before the "bad guys" find them. This retail banking client hired Acumen Solutions to evaluate the security of its business applications both pre- and post-deployment. By focusing on software quality in the development process and by educating developers on security-aware practices, overall application quality is improved and re-work costs can be minimized.
To uncover security vulnerabilities, Acumen Solutions tested and evaluated all elements of the web-based application environment, including:
- Compiled applications
- Web servers
- Database servers
- Underlying operating systems
- Network infrastructure
Applications were evaluated for both common security flaws and compliance with our client's specific security policies. In addition, Acumen Solutions provided secure application training to developers, which included secure coding practices, common security mistakes to avoid, security policy compliance, and the use of security testing tools in the quality assurance process.
Return on Investment
Our banking client has relied on Acumen Solutions consultants to audit and help secure more than 100 business applications. During that time, we have been able to dramatically reduce the number of security flaws in applications before they are deployed, saving the firm hundreds of thousands of dollars in post-deployment code remediation costs.
