Case Study

Auto WebApp

Web application security testing for an artificial intelligence-based digital retailing storefront for auto dealerships. Features include lead management, a sales pipeline, real-time inventory updates, staff alerts via SMS and email, F&I management, CRM integration, and more.

CHALLENGES

With ongoing cyber-attacks against the auto industry, the client was concerned that an incident could cause widespread disruption and business interruption, which in turn could affect software update releases. They needed to deliver secure solutions without risk of harm to their clients.

PROCESS

The team verified that security risk was considered at all stages of the project lifecycle, whether for a new system or for changes to an existing one.

  • The team performed a full security assessment of the web app using established processes and tooling.
  • The team applied OWASP Top 10, OSSTMM and NCCI-CCI.
  • Industry standards such as PCI DSS and GDPR were also incorporated to protect data privacy.

KEY FINDINGS

  • No multi-factor authentication was in place for access to the development environment.
  • Malware was found on multiple systems.
  • No centralized location for code validation.
  • No validation of publicly available code that had been downloaded.
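The last two findings point at the same gap: third-party code was pulled into the build without anyone checking that what arrived was what had been reviewed. The script below is an added illustration of the kind of check a central code-validation step would perform; it is not code from the case study or from the client's environment. It pins the SHA-256 digest of each reviewed artifact in a manifest, then classifies every download as `ok` (digest matches), `mismatch` (content differs from the reviewed copy) or `unpinned` (never reviewed). The artifact names, contents and manifest are constructed for the example.

```python
import hashlib

# Constructed sample downloads: artifact name -> bytes, as if fetched from a public source.
# "widget-1.2.0.tar.gz" has been altered relative to the reviewed copy, and
# "extra-lib.zip" was never reviewed at all.
SAMPLE_DOWNLOADS = {
    "widget-1.2.0.tar.gz": b"widget release 1.2.0 contents plus injected line",
    "helper-0.9.js": b"function helper(){}",
    "extra-lib.zip": b"unreviewed archive",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(reviewed: dict[str, bytes]) -> dict[str, str]:
    """Pin the digest of every artifact that passed review.

    Run once at review time; the result is stored in the central code
    repository so every later download is checked against the same values.
    """
    return {name: sha256_hex(data) for name, data in reviewed.items()}


# Pinned manifest, constructed here from the reviewed copies of two artifacts.
PINNED_MANIFEST = build_manifest({
    "widget-1.2.0.tar.gz": b"widget release 1.2.0 contents",
    "helper-0.9.js": b"function helper(){}",
})


def verify_downloads(downloads: dict[str, bytes], manifest: dict[str, str]) -> dict[str, str]:
    """Classify each downloaded artifact as 'ok', 'mismatch' or 'unpinned'."""
    verdicts = {}
    for name, data in downloads.items():
        expected = manifest.get(name)
        if expected is None:
            verdicts[name] = "unpinned"      # nothing was ever reviewed under this name
        elif sha256_hex(data) == expected:
            verdicts[name] = "ok"            # byte-for-byte identical to the reviewed copy
        else:
            verdicts[name] = "mismatch"      # content changed since review; do not use
    return verdicts


def gate(downloads: dict[str, bytes], manifest: dict[str, str]) -> bool:
    """True only if every download is pinned and matches; a single failure blocks the build."""
    return all(v == "ok" for v in verify_downloads(downloads, manifest).values())


if __name__ == "__main__":
    for name, verdict in verify_downloads(SAMPLE_DOWNLOADS, PINNED_MANIFEST).items():
        print(f"{verdict:9s} {name}")
    print("build allowed:", gate(SAMPLE_DOWNLOADS, PINNED_MANIFEST))
```

The important design choice is that `unpinned` is treated as a failure, not a warning: a check that only flags digest mismatches still lets unreviewed code through, which is exactly the gap the finding describes. Where upstream publishes signed checksums, the manifest values would be taken from those rather than computed locally.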

SOLUTIONS

  • Provided a gap analysis and recommendations.
  • Produced a roadmap and a diagram of the proposed environment.
  • Designed new development infrastructure.
  • Worked with the development team on the checkout process.
  • Developed a security development lifecycle policy based on the process.


DELIVERABLES

A comprehensive report documenting all identified gaps, deficiencies, and vulnerabilities in detail. The final report included the topics listed below.

  a) Executive Summary: a summary of the scope, approach, findings and recommendations.
  b) Core Findings with Risk Analysis: a view of the core findings along with screenshots.
  c) Detailed Findings: the observations are thoroughly examined and categorized as Critical or Non-Critical. Furthermore, the risk associated with each observation is assessed and classified as Very High, High, Medium or Low, depending on its potential impact.
  d) In-depth analysis of findings, corrective measures and recommendations, with risk analysis.
  e) Suggestions and best practices.