A Top Financial Institution Scales its AppSec Program and Achieves 100% PCI Compliance – WhiteHat Security Customer Case Study

Growing Cyber Threats to the Financial Industry

As highly regulated industries, banks and financial services firms have much at stake. They run very complex businesses, are required to meet regulatory requirements, and must protect sensitive data from increasingly sophisticated cyber threats. Individual banks suffer thousands of attacks daily, and over the years the number of cyber-attacks on financial organizations has grown exponentially, making financial services the most heavily targeted industry. According to recent industry statistics, vulnerabilities in web applications and application-specific attacks are the leading causes of data breaches. The importance of application security in the financial industry cannot be overstated.

This year, threat actors are taking advantage of the COVID-19 crisis. Cyber-attacks against the financial sector increased by 238 percent from February to April 2020. (Source: Modern Bank Heists 3.0, Carbon Black, May 2020). Despite the strong regulations in the financial sector, the large number of vulnerabilities in websites and mobile applications continue to pose a substantial risk for damaging data breaches. Building a robust application security program is a must to ensure that your organization remains secure from the inside out.

Financial Services Customer Case Study

WhiteHat has developed a long-standing relationship with some of the top US financial institutions and has helped them achieve application security resilience and PCI compliance. Our security experts and professional services team worked collaboratively with the internal security and development teams, and our solution has enabled them to develop secure digital applications faster and to remediate vulnerabilities at runtime.

Our recent case study looks at how a top US financial banking organization partnered with WhiteHat Security to scale their application security program, achieve 100% PCI compliance, and redefine their path to digital transformation.

Business Needs for a Robust Application Security Program

While working on a technologically transformative project, this high-profile financial banking organization needed to quickly scale application security to thousands of their applications. Their key goals were to:

  • Ensure stronger application security for enterprise and consumer-facing applications
  • Reduce time and resources wasted on triaging false positives
  • Improve and meet regulatory compliance

WhiteHat was chosen to meet their challenge because we demonstrated the most comprehensive and industry-proven dynamic application security solution. WhiteHat’s solution is capable of monitoring and scanning hundreds of applications in production 24/7 in a production-safe manner. Another factor was our ability to perform rich business logic assessments so they could confidently roll out their applications to customers.

Results and Business Impact

Scaled to Thousands of Applications

This organization has a sprawling portfolio of thousands of applications, and they were building new applications to address mobile banking and e-banking needs for hundreds of thousands of their customers, with security goals in mind. By implementing our automated Sentinel Dynamic and Sentinel Mobile application security testing and the invaluable guidance of our security experts, this financial organization gained greater visibility into their application portfolio and quickly scaled their application security program.

Verified Results – 99% False Positives Free

WhiteHat’s security experts served as an extension of their security team and ensured that automated results were reviewed and analyzed for all vulnerabilities to eliminate false positives.

“We love the fact that WhiteHat is production safe and we can do authenticated scanning and above all that ALL of the findings are verified and we are 99% false positives free!”
Application Security Manager

Achieved 100% PCI Compliance

As for any financial banking organization, Payment Card Industry (PCI) compliance was essential to protect their customers from data breaches and protect their business against cyberattacks. PCI covers various levels of protection and requirements that organizations must comply with, including application security requirements to develop and maintain secure systems and applications. Exceeding the strictest industry standards as established by the PCI Security Standards Council, WhiteHat provided ongoing, verified vulnerability assessments for both internal and public websites. In a matter of a few months, this organization was able to increase compliance from 40% to 100% with WhiteHat Security.

How did we achieve this? On the application security front, our team ensured that continued assessment, remediation and reporting were diligently followed through. The process included, though was not limited to:

  • Maintaining an inventory of applications and website assets, and incorporating security within the software development lifecycle
  • Continuous testing and vulnerability assessment of security risks aligned with the OWASP Top 10 web application security risks, and monitoring applications with customer testing
  • Ensuring scans, business logic assessments, and internal manual tests were completed by deadlines
  • Providing the right set of metrics and tracking progress over time, which resulted in a sustainable and scalable approach to implementing application security and measuring success

You can read the full customer case study here.

We are proud to be a trusted partner of this innovative banking organization helping them significantly minimize risks so they can drive their digital transformation securely and with confidence.
