Customer was required to conduct an independent security review of its application and cloud infrastructure as part of its contractual obligations.
Services Delivered
Conducted a security architecture review of the cloud environment and provided recommendations
Conducted Application Security Assessments, identified issues and provided recommendations for mitigation
Performed a security focused static code review of the in-scope APIs/ Services/ Interfaces
Conducted VAPT for network, storage and compute elements of cloud infrastructure, identified vulnerabilities and provided recommendations for mitigation
Reviewed the SDLC practice and provided recommendations for enhancing the security controls
Reviewed the cloud security framework against CSA STAR controls, identified gaps and provided recommendations
Value Provided
Provided the client with a security assessment report, which was high-level in nature to validate the implementation of key controls to protect confidential information
Provided roadmap to mitigate key risks and extended support for remediation
Provided roadmap to achieve CSA STAR certification
