The client is the world’s leading oilfield services company based out of the US. They were facing issues in identifying missing security controls and wanted to perform end to end vulnerability assessment and penetration testing service to improve security risk posture.
Infosys, with proven capability model and mature execution process, provided list of security risks or vulnerabilities in the client infrastructure and applications. This helped to remediate any unknown and hidden loopholes, thereby enhancing overall security posture of their environment.
Key Challenges
- Unable to identify and apply security controls for Azure environment
- Missing security packages and analyze threat impact were not identified
- Absence of end-to-end penetration test for cloud environment
- Complex platform cloud architecture
The Solution
Identified multiple security issues and recommended effective security controls
- Performed end-to-end vulnerability assessment and penetration testing on client’s infrastructure
- Carried out all test cases as per Open Web Application Security Project – top 10 for web applications
- Exploited target machines and provided detailed report of associated security risks
- Performed Dynamic Application Security Testing using combination of open source and commercial tools
- Reported and provided remediation plan for all key findings to the stakeholders
- Created awareness about maintenance of Azure environment and provided support till closure
- Identified various configuration issues and recommended to implement missing security controls
- Demonstrated how low severity vulnerabilities can help construct high impact on the client environment
Benefits
Cost and risk effective security solution
Identified critical, high, medium, and low severity issues as part of Vulnerability Assessment and Penetration Testing
Reduced risk and cost associated with recovering from a security/data breach
Reduced attack surface by proactively testing infrastructure using different attack techniques
Detected and exploited high complexity vulnerabilities using manual exploitation techniques
Client was able to evaluate their defense mechanism when an actual attack was carried out
