Building Secure Web Applications
Industry: Service, Sales/Marketing
Challenge: The client had fragmented and inconsistent processes for developing custom websites for their clients. This led to applications that were vulnerable to common web attacks. After getting dinged on audits and failing vulnerability scans, they asked us to recommend some best practices.
Solution: We interviewed developers, quality assurance staff, project managers and business leaders to understand the culture of developing secure web applications. We measured their secure coding practices against industry best practices and provided key recommendations:
- Building security into the development process
- Encouraging and incentivizing a culture of security
- Standardizing and documenting security expectations for all development
These practices helped the organization develop consistent and secure web applications. They were also able to leverage these practices to pass their PCI DSS and ISO 27001 audits. By implementing our recommendations, our client could confidently assure their clients that their custom web applications were built with security in mind.