DevSecOps Enablement for a Re-Insurance Client in the US

Business Ask

Implementation of DevSecOps using Azure DevOps, SAST and DAST security tools for 160+ applications.

Client Requirement

• Implementation of DevSecOps Process encompassing the complete integration of Security tools in the CI/CD pipeline
• Security Assessment of 160 Web applications and Mobile Applications
• Analysis of false positives and removal of gigantic false positive no. to speed up remediation
• Secure coding guidelines and remediation suggestion for remediation of vulnerabilities

LTM Solution

• End to End implementation of DevOps using Azure DevOps Build & Release Pipelines, automated  quality control gates via Security tools integration & approval workflow 
• Successfully deployed Microfocus Fortify and Checkmarx tool in the Azure DevOps environment 
• Performed automated source code review scans & DAST scans of more than 160 Web & Mobile Applications 
• Performed manual source code reviews and manual DAST approach such as API Testing for deeper security whenever required 
• Established a dashboard for tracking the real-time security posture of application in DevOps pipeline 
• Performed False positive analysis of all applications that were scanned for SAST & DAST 
• Provided remediation advise to development teams for remediation of vulnerabilities

Key Highlights

• 160+ Web and Applications
• 300% Insurance Sector Client
• 40+ Remediation & AMS Team Size
• 2500+ One DevOps Platform