The client is a leading vendor who provides applications that integrate with the US government’s database and offers automated compliance software that integrates with any payroll. The software enables users to e-file and submit required documents to the national tax collection agency.
Since the application handles highly sensitive data, information security is of paramount importance. The customer faced the following challenges:
- It was difficult for the customer to gauge the level of application security in the wake of emerging security threats.
- The customer had to ensure that its application was not vulnerable to threats like SQL injection, XSS, session hijacking, and unencrypted transport layer communication.
- The application is hosted on a self-managed cloud server, and it was not possible to gauge the server’s security or understand whether it was configured to prevent attacks like DoS, DDoS, and brute force.
- The customer was unable to ascertain whether the implemented security measures were adequate and could prevent and detect intrusions and provide alerts about such attacks.
- The customer was unable to check for regulatory compliance.
The Zerone approach:
The Zerone team performed a server vulnerability assessment to expose the vulnerabilities present in the application. Transport layer encryption and modified firewall configurations were used to decrease cybersecurity exposure. The vulnerability experts also disabled all unnecessary services on the server that were enabled by default.