The client is a leading global beverage manufacturer. Multiple application development teams were sending ad-hoc vulnerability assessment requests, which were becoming difficult to manage. The client wanted a vendor who could conduct vulnerability assessments under stringent Service Level Agreements (SLAs) and follow up with development teams for remediation, fixation and consultation.

Infosys conducted different levels of testing based on the complexity of the applications and provided remediation, coordination and consultation, thereby reducing vulnerabilities in the application landscape.

Key Challenges

  • Non-existence of any application security assessment tool
  • Huge backlog of un-remediated high and medium severity vulnerabilities
  • Difficulty in managing multiple application development teams across the globe
  • Unregulated vulnerability assessment requests to be resolved within stringent SLAs

The Solution

Minimized risk surface in the IT landscape

  • Provided application security testing as a service
  • Provided tools and services for conducting vulnerability assessment on web applications, web services, and mobile applications
  • Conducted tool-based testing along with manual testing using a combination of commercial and open-source tools
  • Performed different levels of testing based on complexity of applications
  • Proposed a comprehensive vulnerability management life cycle including remediation closure and consultation in addition to scanning, analysis, and reporting

Benefits

Identified, prioritized, tracked, and eliminated security weaknesses

Reduced operational cost

Closed all high severity vulnerabilities before production rollout

Closed 80% of medium severity vulnerabilities within 60 days of SLA

Regulated the number of vulnerability assessment requests to be performed periodically by enhancing the client’s ticketing tool

Increased visibility into the number of applications assessed, application criticality, and the number of vulnerabilities identified/closed
