Web Application Penetration Testing
The Challenge:
Company B is a FTSE 100 insurance company. Company B had multiple critical applications which, as part of the financial requirements, required an annual assurance (BAU), as well as applications which are to be deployed (project). These applications were tested annually for a number of years by various testing companies.
Process Taken:
A list of applications was taken and prioritized. Scoping calls and walkthroughs were organized with the various IT owners and departments. Our consultants managed the whole process, including the testing of the applications.
Reports were communicated to the business owners. Remediation advice was discussed with the development team and any retesting was performed.
The Results:
There were a number of findings which were unexpected to Company B.
Call to Action:
Any applications, particularly externally facing applications, should be tested for vulnerabilities, and the identified vulnerabilities managed through to remediation. Any weakness in these applications can lead to a loss of confidentiality, integrity or availability, which in turn can lead to, for example, massive fines from the ICO, loss of business from your customers or financial loss.
Further reading:
https://en.wikipedia.org/wiki/Web_testing
https://www.bankinfosecurity.com/blogs/5-lessons-from-talktalk-hack-p-1967