The customer is a global financial services company headquartered in New York City, best known for its credit card, charge card, and traveler’s cheque businesses. Following an era of international expansion, the company became an entity. It is one of the global payments companies today.
Their global delivery model revolves around developing a sustainable competitive advantage for their clients through a centralized repository of the client’s web-based database management system, which involves migration of various profiles from all the major Global Distribution Systems (GDS), Online Booking Tools (OBT) and other external systems.
Their model allows third-party applications to access data via a published interface. The application is capable of sending desired data to the GDS (Global Distribution System) using Windows services. The application supports both SQL Server and Oracle databases. The migration of data is a very critical process, as some modules are integrated by third parties and various parts of the application undergo routine revisions. The customer was concerned about the protection of the web-based application along with the two-tier thick client application, and about protecting its critical database repository against critical vulnerabilities and corresponding risks.
The customer planned to get Information Security Services from Torrid Networks Pvt Ltd, which included a thorough application security assessment. The steps carried out for the in-depth analysis of the application and the security assessment:
Interaction with the development team is done to understand business requirements for the application, target customers, confidential assets and data flow of the application.
Objectives are defined to perform a thorough security assessment of the web-based application and the thick client application.
Performed a web application audit and assessed their application from an attacker’s perspective.