Berezha Security Group (bsg)

Web Application Security Assessment for a SaaS Product

INDUSTRY Software Product Development, SaaS Provider. CLIENT A US-based cloud-based e-signature solution. A SaaS document signing platform with over 45,000 customers and over 6 million users. TEAM BSG provided the following team composition for this project: Application Security Consultant, Application Security Analyst Application Security Lead Project Manager The team members had relevant Application Security experience and possessed professional certifications: CISSP, OSCP, and eWPTX. DURATION Three weeks. BUDGET $5,000 - $7,500 PROJECT CHALLENGES The solution has a web application component; native mobile apps for iOS and Android; integrations with Salesforce, SharePoint, Office365, etc.; and public and private cloud deployment options with the unified underlying API. Their main objective was meeting security and compliance requirements for the SaaS product and the cloud infrastructure. As the solution stored and processed mainly sensitive data, it faced data exposure risks or software security vulnerabilities. SOLUTION BSG recommended the client make the following systemic improvements: Conduct regular Application Security assessments Conduct an Application Security Awareness training for the development team Implement crucial Application Security practices in the software development processes. After the client has fixed all discovered issues, BSG performed a re-test of all initial findings free of charge and updated the report with retest results. RESULT BSG has delivered a comprehensive report describing all discovered vulnerabilities and providing actionable recommendations on fixing them. During the next two months, the client has remediated all reported issues, and BSG has conducted a re-test. The Application Security assessment helped the client achieve compliance to external requirements, improve the product’s security level, remove potentially harmful security weaknesses, and avoid future data breaches.