Securing Agile Web app environments
The scope of this engagement consisted of delivering continuous vulnerability management of 100+ web applications deployed by an online gaming company.
- The client company required a continuous assessment of its entire global external attack surface in order to detect current security issues and new issues as they arise in the future.
- The client required an authenticated assessment to simulate an attacker with valid credentials on both desktop and mobile web applications.
- The client required a false-positive-free list of actionable findings which they could simply assign and fix.
- They required the assessment to run continuously against the sites so they could track progress and mitigation of discovered security risks.
- The client required API and Jira plugins in order to integrate the Edgescan verified vulnerability data directly into their systems.
- The client required retest-on-demand capability where required, and also alerting on any new high-risk issues discovered.
The onboarding phase consisted of validating each site and server for stability and criticality such that the continuous assessment could provide coverage and depth of testing as expected. Once an application is onboarded, technical assessment can commence and the application is subject to technical security assessment on an ongoing basis.
Edgescan provided continuous authenticated vulnerability assessments for the 100+ web applications under management.
All of the vulnerabilities are rated for risk and manually validated to help prioritize remediation, ensuring critical exposures are fixed first.
Assessments occurred on a scheduled and an ad-hoc basis as required by the client.
The assessment included the mobile sites offered by the client.
Within the first 7 days Edgescan discovered, validated and published 55 high-risk issues on the client's Edgescan portal. The client proceeded to fix the discovered issues over the coming months, and the fixes were verified and closed by Edgescan. The client could display the improvement of its security posture over time. The client could request an assessment when required to retest for vulnerabilities and maintain a secure posture.