Problem Statement

Customer was required to conduct an independent security review of its application and cloud infrastructure as part of its contractual obligations.

Services Delivered

• Conducted a security architecture review of the cloud environment and provided recommendations
• Conducted Application Security Assessments, identified issues and provided recommendations for mitigation
• Performed a security focused static code review of the in-scope APIs/ Services/ Interfaces
• Conducted VAPT for network, storage and compute elements of cloud infrastructure, identified vulnerabilities and provided recommendations for mitigation
• Reviewed the SDLC practice and provided recommendations for enhancing the security controls
• Reviewed the cloud security framework against CSA STAR controls, identified gaps and provided recommendations

Value Provided

• Provided the client with a security assessment report, which was high-level in nature to validate the implementation of key controls to protect confidential information
• Provided roadmap to mitigate key risks and extended support for remediation
• Provided roadmap to achieve CSA STAR certification