Security Testing for Payments Provider
A payments firm was naturally concerned about its security, as were its regulators. The company wanted its security testing to go ‘above and beyond’ rather than be merely cursory, as it assumed that it would be frequently targeted due to the nature of its business.
The firm engaged DataArt for penetration testing due to its testing rigor. DataArt’s standard package includes a heavy emphasis on manual testing. This involves up to five times the professional resources of similarly priced automated packages.
As a result, it typically uncovers issues that automated tests do not. The final deliverable was a report with a non-technical executive summary. More technical sections included a prioritized list of findings and practical remediation suggestions.
During the project, the firm’s staff began to ask DataArt’s professionals for security advice. As a result, the firm engaged DataArt’s Security Assurance and Consulting services.
DataArt created security checklists for the firm’s development and QA staff. It also published periodic security Best Practices bulletins. Finally, it worked with the firm to document its application and network security.
- Security documentation went from barely existent to comprehensive.
- Significantly fewer security issues due to developer training.
- Shorter total development lifecycle — fewer security issues to repair.
- DevOps more confident in leveraging cloud security tools.
- Better risk profile for regulators.