Problem Statement
Customer was required to conduct an independent security review of its application and cloud infrastructure as part of its contractual obligations.
Services Delivered
- Conducted a security architecture review of the cloud environment and provided recommendations
- Conducted Application Security Assessments, identified issues and provided recommendations for mitigation
- Performed a security focused static code review of the in-scope APIs/ Services/ Interfaces
- Conducted VAPT for network, storage and compute elements of cloud infrastructure, identified vulnerabilities and provided recommendations for mitigation
- Reviewed the SDLC practice and provided recommendations for enhancing the security controls
- Reviewed the cloud security framework against CSA STAR controls, identified gaps and provided recommendations
Value Provided
- Provided the client with a security assessment report, which was high-level in nature to validate the implementation of key controls to protect confidential information
- Provided roadmap to mitigate key risks and extended support for remediation
- Provided roadmap to achieve CSA STAR certification
