Application Security Testing for an Employee Benefits Enterprise Application

					                                          HSTC603




APPLICATION SECURITY TESTING FOR AN EMPLOYEE
       BENEFIT ENTERPRISE APPLICATION




         www.harbinger-systems.com
                                            HARBINGER SYSTEMS


Overview
Harbinger Systems is a leading provider of software engineering services to some of the world's best product companies. Our services span solution consulting, software design, development, testing and test automation. By leveraging cutting-edge technologies, Harbinger Systems works with its customers as a partner in technology innovation.

Services
- Software Product Development
- Open Source Development
- Mobile Application Development
- eLearning
- Software Testing
- Performance Engineering
- Digital Marketing



                                     A Harbinger Systems Case Study




Situation
- An industry leader in employee benefits has built an enterprise application that will bring together online enrollment, communications, payroll integration, human resources, administrative services and reporting.
- This application will record the online enrollment and benefits administration details of multiple customers ranging from small businesses to large national corporations in the United States.

Challenge
- This enterprise application needed to comply with HIPAA and SAS 70 guidelines and provide 24/7 availability.
- This application will host sensitive demographics, claims and enrollment data of employees, and thus application security was a high priority for the company.

Harbinger Solution
- Creation of Threat Model: A threat modeling technique was used to identify vulnerabilities and rate them based on the risks associated with them.
- Application Scanning and Security Testing: Various tools and manual testing techniques were used to discover vulnerabilities such as SQL Injection, Cross Site Scripting, Session Hijacking and Parameter Manipulation. Attacks were simulated using safe inputs to validate these vulnerabilities.
- Infrastructure Security Assessment: The server scanning focused on version-related checks, multiple index files, HTTP server options and port scanning. Network scanning focused on services, applications, firewalls, filters and port scanning.

Tools and Technologies
- Microsoft .NET 4.0 and SQL Server
- ZAP Proxy
- XSS Me - Firefox Plugin
- HackBar - Firefox Plugin
- Tamper Data - Firefox Plugin
- Nikto
- Open Web Application Security Project (OWASP)


BENEFITS
- Increased confidence for end-customers with highly secure application in production
- Product compliance as per HIPAA security guidelines
- Best development practices and penetration testing of the application using OWASP tools helped customer obtain certification by renowned test services

BOTTOM LINE
Company was able to effectively support multiple customers through a single enterprise application that was completely secure and had resistance to vulnerabilities.

