Security Testing Services Enable a Financial Services Company to Greatly Reduce Threat Level

Customer: Premier provider of loan documents for commercial and multifamily real estate loans.

Profile: The client prepares loan documents for large national banks, regional banks, credit unions and private lenders.

Services: Vulnerability Assessment

Size: 11-50 employees
Region: Irvine, California
Industry: Financial Services

Business Need

The client uses proprietary document preparation software and an advanced web interface that help them deliver loan documents with amazing speed and efficiency. Their team of experienced real estate finance attorneys and document specialists provides unparalleled support to customers across 50 states in the US.

The client realized that their website had been infected and was showing suspicious activity. They were looking for a security testing services partner who could perform external security testing against their web application.

The client also wanted the partner to provide a report with all the vulnerabilities discovered, and the remediation solutions/preventive actions for each of them.

Solution and Approach

  • Performed a security scan with the OWASP ZAP tool on the infected web application and submitted a Penetration Testing Report.
  • Reported no high-level vulnerabilities, but a few medium- and low-level vulnerabilities in the application:
    • X-Frame-Options Header Not Set
    • Format String Error
    • Server Details Disclosure
    • Cookie No HttpOnly Flag
  • Suggested corrective/preventive action for each of the vulnerabilities identified.
  • Once the client team implemented the suggested preventive action items on their website, Synoptek performed the security scan again.
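
The three header-based findings in the list above can be re-checked after remediation from the response headers alone. The script below is an added example, not Synoptek's tooling or OWASP ZAP's own rules; the sample responses, function names and the exact matching logic are assumptions made for illustration, and Format String Error is not covered because it does not show up in headers.

```python
import re

# Constructed sample responses (not taken from the client's application).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; Secure\r\n"
    "Set-Cookie: theme=dark; Path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n\r\n"
)

def headers_of(raw_response):
    """Parse a raw HTTP response into (lowercased name, value) pairs."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # skip the status line
    pairs = (line.partition(":") for line in lines)
    return [(n.strip().lower(), v.strip()) for n, _, v in pairs]

def audit_headers(raw_response):
    """Return the sorted names of the header findings still present."""
    hdrs = headers_of(raw_response)
    get = lambda name: [v for n, v in hdrs if n == name]
    findings = set()
    # Clickjacking: X-Frame-Options or a CSP frame-ancestors directive.
    csp = " ".join(get("content-security-policy")).lower()
    if not get("x-frame-options") and "frame-ancestors" not in csp:
        findings.add("X-Frame-Options Header Not Set")
    # Disclosure: a version number in Server, or any X-Powered-By banner.
    if any(re.search(r"\d+\.\d+", v) for v in get("server")) or get("x-powered-by"):
        findings.add("Server Details Disclosure")
    # Every Set-Cookie header must carry the HttpOnly attribute.
    for cookie in get("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.add("Cookie No HttpOnly Flag")
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(raw))
```

Treating a `frame-ancestors` directive as equivalent to `X-Frame-Options` is a choice made in this example; a cookie that client-side script must read would need to be excluded from the HttpOnly check.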

Business Results

  • Synoptek helped the client mitigate risks with support from the test and security team.
  • By accepting the suggestions and preventive actions for the identified vulnerabilities, the client has been able to reduce the security risk level for the production application.

Post testing, the client has been able to strengthen its security posture, minimize threat level, and reduce the impact of security incidents.
