August 17, 2019

Identification and Remediation of Application Vulnerabilities

INDUSTRY
Application Testing

SERVICES
Secure DevOps
Static and Dynamic Code Analysis
Vulnerability Management

SKILLS
Application Security Engineers
DevOps Engineers
Threat Analysts

Secure coding practices for three million lines of code.

The Challenge
Our client, whose software is used in highly regulated industries, lacked the ability to evaluate its source code for vulnerabilities. Two large applications with different secure software development requirements needed evaluation. In each case we needed to identify vulnerabilities and support their remediation prior to release. Application 1 included 1.7 million lines of C#/.NET code and 45k lines of VB, and required daily reviews. Application 2 had more than two million lines of code. Each application needed to be reviewed three times per year.

The Solution
Our team integrated with each application’s build process, scaling with customer requirements. Our process includes the following steps:

  • Results are analyzed and triaged based on priority and category (false positive, poor practice, valid finding)
  • Remediation steps are added to the development pipeline

The Result
As a result of our solution, our client is able to deliver third-party vetted and analyzed software that is developed securely from the time of creation. This reduces costly reengineering once the software is released to production, and enhances customer satisfaction and end users' trust by reducing vulnerabilities.
