End-to-end Infrastructure Vulnerability Assessment and Penetration Testing for a Leading Health Tech Giant in Europe

About the client

The client is one of the leading health technology companies in the US and has been associated with LTM for more than three years. As healthcare is one of the most targeted industries by cyberattacks, the client wanted to secure their application framework and infrastructure ecosystem to ensure robust security of their web applications to prevent unauthorized access and potential data breaches.

The scope of the work includes performing on-demand security testing that includes.

• Security Code Review (SCR) 
• Web Application Manual Testing (WAMT) 
• Web Application Penetration Testing (WAPT) 
• IT Infrastructure Vulnerability Assessment and Penetration Testing (VAPT)
• Web Services Security Testing (WSST)
• Mobile Application Security Testing (MAST)
• Guided Web Services Security Testing (WSST) 
• Guided DAST (Dynamic Application Security Testing)

Challenges

As a long-standing client partner for more than three years, we understand the client’s key business drivers impacting security. The key challenges they faced were as follows:

• High number of false positive alerts  
• Ineffective vulnerability management operation 
• No security testing was performed during development and in-sprint
• No defined approach to consult for security testing 
• Complex policies and processes

LTM solution

LTM streamlined the complex policies and defined a process for continuous security testing across the software development lifecycle. We have also deployed vulnerability assessment, web application scanning framework, penetration testing, and dynamic application security testing.

Key solution highlights

• Performed in-depth analysis of the client’s current security architecture operation.
• Defined process for continuous security assessment across the software development lifecycle.. 
• Performed different levels of testing based on the complexity of applications and implemented continuous security testing.
• Proposed automation of dynamic and web application security testing.
• Implemented In-Sprint CI/CD-based dynamic security testing execution using Azure DevOps.
• Deployed Qualys Web Application Scanning (WAS) in the Azure DevOps environment to detect vulnerabilities on all networked assets, including servers, network devices, etc. 

Business benefits

LTM’s structured approach to security testing and DevSecOps automation helped the client achieve the following key business outcomes:

• 65% reduction in the overall efforts for the security testing program 
• 300% increase in the quality of defects using DevSecOps automation
• 70% reduction in false positives
• 2500+ vulnerabilities found and remediated 
• Reduced time to mitigate vulnerabilities and avoid slippages 
• Improved security testing workflow and plan 
• Reduced effort required for performing dynamic security testing