Aplura Security Assessment: The Situation - Mid-Sized Application provider

Commercial Application Provider

  • Manages and maintains a web-based HR solution for US Federal entities

  • All software and data are hosted on Application Provider systems

Federal Guidelines

  • The Application provider, as a commercial entity, does not fall under Federal regulatory compliance requirements; however, their customers require similar standards.

  • The Application provider, in preparation for a new, very large non-civilian federal customer, needed to demonstrate an appropriate security posture with a small threat surface.

  • The solution must meet the following:

    • External evaluation for unnecessary access

    • Report discovered flaws from Web Application evaluation

    • All system/application interrogation must be performed during specified maintenance windows to minimize operational impact.

    • The entire project was to be completed quickly to meet operational commitments the Application provider made to their new customer.

The Solution

  • Aplura’s consultants worked with the Application provider and their IT contractor, who manages their data center.

  • Aplura modified their Aplura Security Assessment (ASA) to customize it for this purpose.

  • The ASA was well suited for this work, since it covered the requirements and provided considerable additional value to the customer.

The Results

  • The customer was provided a report which met all of their requirements.

  • The report also demonstrated additional considerations regarding unnecessary information disclosure found during the network services interrogation.