Summary
We provided technical expertise to perform penetration testing of web-based applications and developed a detailed remediation plan. The results of the engagement included reducing cyber risk associated with publicly available web applications and an informed stakeholder community better prepared to identify and address vulnerabilities.
Situation
The customer’s objective is to identify cyber risk associated with publicly accessible web applications. Customer leadership needed guidance to determine the best approach to assessing the applications without adversely impacting production operations. The scope of applications included cloud-based and on premise hosted services.
Satori Solution
We advised the customer to determine the best approach to assessing the applications and performed the penetration test. The service included technology reconnaissance, vulnerability scanning, manual testing, findings analysis, findings recommendation development, and stakeholder review. Our team also conducted findings review sessions to communicate the findings and clarify steps needed to remediate gaps.
Results
The outcomes included a clear understanding of web application cyber risk and a prioritized remediation plan. This includes resource recommendations and leading practices to continually train developers and enhance software security.