Project Goal

To identify critical security vulnerabilities in various applications security code review and penetration testing.

Our customer is a leading integrated global oil and gas player operating across the energy sector value chain. A wholly owned company of the Government of Dubai, the company comprises more than 30 related subsidiaries involved in refining, lubricant blending, storage, aviation and retail.

Challenges

• Lack of structured vulnerability management process or portal
• Lack of dynamic testing plan for regular product customization that has over 100 applications
• Lack of regular tracking of vulnerability and remediation status
• Need to implement SLA based project delivery for conducting penetration testing & security code review (SAST & DAST)

Application Scope

• Retail property Management and Petty Cash Management Systems
• Microsoft CRM & AX Mobile Journey
• Web Portal & Call Center
• Authentication Services & Payment systems
• Retail Operations Dashboard
• Applications developed internally or by third-party vendor

Testhouse Solutions/Services

• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)

Results

• RISK RATING – Defined risk rating based on organizational Standard Operational Procedures.

• DASHBOARD – Centralized dashboard to manage vulnerabilities.

• TASK FORCE – Central task force team for entire activity management.

• SLA’S – Defined SLA’s and outcome based consumption model for delivering both SAST & DAST services.