Case Study

Security Testing Services Enable a Financial Services Company to Greatly Reduce Threat Level

Customer: Premier provider of loan documents for commercial and multifamily real estate loans. Profile: The client prepares loan documents for large national banks, regional banks, credit unions and private lenders.

Services: Vulnerability Assessment

Size: 11-50 employees
Region: Irvine, California
Industry: Financial Services

Business Need

The client uses a proprietary document preparation software and advanced web interface that helps them deliver loan documents with amazing speed and efficiency. Their team of experienced real estate finance attorneys and document specialists provide unparalleled support to customers across 50 states in the US.

The client realized that their website was infected with some suspicious activities. They were looking for a Security Testing Services partner who could perform external security testing against their web application.

The client also wanted the partner to provide a report with all the vulnerabilities discovered, and the remediation solutions/preventive actions for each of them.

Solution and Approach

Synoptek partnered with the financial services company to identify the vulnerabilities in their website and carry out required testing. Synoptek performed the following actions items:

  • Performed security scan using OWASP ZAP tool on the infected web application and submitted a Penetration Testing Report.
  • Reported no high-level vulnerabilities but a few medium and low-level vulnerabilities existed on the application:
    • X-Frame-Options Header Not Set
    • Format String Error
    • Server Details Disclosure
    • Cookie No HttpOnly Flag
  • Suggested corrective/preventive action for each of the vulnerabilities identified.
  • Once the client team implemented the suggested preventive action items to their website, Synoptek performed a security scan again.

Business Results

Synoptek’s Vulnerability Assessment Services enabled the client to get insight into the vulnerabilities, which were then implemented by the client team.

  • Synoptek helped the client mitigate risks with support from the test and security team.
  • With the acceptance of suggestions and preventive actions against identified vulnerabilities, the client has been able to reduce the security risk level for the production application.

Post testing, the client has been able to strengthen its security posture, minimize threat level, and reduce the impact of security incidents.

Download PDF