UDTSecure™ Completes Web-Application Security Assessment for Private Sector Bank

One of our client’s key business goals was to provide its customers with a safe and secure online banking and payment portal.

The Customer

Our client with more than 250 branches, 300 ATMs and 50,000+ customers is a private sector bank with $2 billion dollars in assets.

The Challenge

One of our client’s key business goals was to provide its customers with a safe and secure online banking and payment portal. It was imperative for the client to ensure that the website was not susceptible to technical or design flaws while providing a smooth banking experience to its customers.

Furthermore, since the online banking and payment portal had been developed by a third-party organization, our client wanted assurance that the website was secure and contained appropriate security controls.

The UDTSecure™ Solution

By using UDTSecure’s unique in-house developed WebAppSecure framework, the consultants completed Web-Application Security Assessment. Key highlights of the security assessment included:

  • Functional mapping of the entire website with including URLs and parameters passed detail
  • Test cases were created based on the various sections mapped
  • Automated scans using various open-source and in-house developed scanners
  • Test case verification by manual confirmation for each potential test cases identified above
  • Vulnerability correlation

Once the first cycle of the engagement was completed and vulnerabilities were identified in the client’s website, UDTSecure InfoSec Consultants leveraged vulnerabilities to further penetrate the client’s application architecture and identify the vulnerabilities true impact to the organization.

The Deliverables

The reports and remediation information provided were customized to match the client’s operational environment and development framework. The following reports were submitted to the customer:

  • Executive Presentation: Overview of the entire engagement, the vulnerabilities discovered and the recommendations made to mitigate the threats identified on the client’s websites
  • Detailed Technical Report: Comprehensive information, proof of concept examples and detailed exploitation instructions of all the threats identified
  • Excel Tracker: Simple and comprehensive vulnerability tracker aimed at helping the IT asset owner keep track of the vulnerabilities, remediation status, action items, etc.

The Benefits

By conducting thorough security tests and identifying vulnerabilities, UDTSecure reduced the client’s risk exposure in a climate where Banking Regulatory Bodies are taking an extremely strict approach to security.

Additionally, the client gained the following benefits:

  • Risk Benefits: UDTSecure minimized security risks by assessing the customer’s infrastructure vulnerabilities and recommended solutions with proven methods to enhance security
  • Cost Savings: UDTSecure suggested cost-effective risk-mitigation measures based on the customer’s business requirements that would ensure security and continuity of the business
  • Customer Satisfaction: The Web-Application Security Assessment was conducted with minimum interruption or damage across customer systems to identify security vulnerabilities, impacts and potential risk
  • Compliance: The client was able to utilize the information gained from this Web-Application Security Assessment to easily gain industry certifications and provide a higher level of service to its customers

To learn more about UDTSecure’s Web-Application Assessment, please call 954-308-5100 today!

Download Now!

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

How to Use Student Personas to Inform Your K12 Device Strategy

Elementary, middle, and high school students have different learning needs; naturally, they require different devices for digital learning. This blog will leverage insights from UDT’s recent webinar (June 4), “How to Leverage ‘Back to School’ Personas to Build Your Device Strategy.” Discover ways to identify the student-centric persona groups in your school district and how they can impact your device procurement and management considerations. Learn more by viewing our webinar recording. Looking for additional support? Download our latest guide, “2024 K12 Device Strategy Guide: Choosing the Right Device for Every Learner.”

Guide – Build Your K12 Device Refresh Strategy

Four years after the pandemic, school districts are now readying up to conduct their next large-scale device refresh. Download the guide and benefit from expert insights on how to make tactical improvements to your K12 device strategy.

What AI Means for Your Next K12 Device Refresh 

Artificial Intelligence (AI) is transforming K12 education. This article discusses the role of AI-first processors in the next generation of educational devices.

The Growth of Cybercrime-as-a-Service

Learn why you should worry about Cybercrime-as-a-Service (commonly abbreviated as either CCaaS or CaaS) and what you can do to protect your business from highly organized and sophisticated criminal elements.

Navigating K12 Device Repair After ESSER 

With ESSER funding ending, K12 tech repairs become a challenge. Discover how school districts can navigate device repair and refresh needs effectively.

QR Codes Are the Latest Cyberthreat to K12 Schools—Here’s Why

QR codes are convenient but can pose security risks. Discover how to check if a QR code is safe and prevent cyberattacks in your school.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,