Finance Real Estate
QE
About the Client
A privately held real estate investment and financial services firm focused on acquiring, developing, and building relationships with housing, leaders, and organizations. The organization works with several businesses and enterprises, offering services such as mutual funds, sales, leasing, property management, construction management, development, and loan servicing. The organization has empowered more than 2,200 investors through proprietary systems and membership platforms and impacted over 800,000 lives.
Business Needs
Hybrid work environments, increased cloud adaptability, malware exploits, and innovative phishing attacks have brought new challenges. The organization has extensive business divisions with more than $4 billion worth of assets under management. The need to uphold its business reputation as one of the ‘Fastest growing company’ required the organization to test its product suite’s resilience as early as the development stage.
Business Challenge
The organization’s execution system strived to help small and mid-sized entrepreneurs scale their businesses in an organized and measurable manner. In addition to helping its customers grow by 10X and delivering the ‘WOW’ experience to them, the firm looked for visibility on its security weaknesses and sought guidance to address them.
With over 40% of cyberattacks targeted at SMBs, the real estate investment and financial services firm sought a robust framework to rigorously access its network infrastructure while maintaining the uptime of all critical services and patching up the vulnerabilities before they were interrupted by external threats. Additionally, the organization needed a solution that ensured the web portal was safe for customer transactions and uploading personal information.
Trigent Solution
The organization invested in Vulnerability Assessment and Penetration Testing (VAPT) to understand and resolve its system vulnerabilities. The organization already had a risk management program in place wherein the security team would focus on identifying the current level of risk.
The organization partnered with Trigent to augment its QA capabilities and find a solution that meets the expected growth and security of the organization. Trigent’s QA experts recommended a full-scope VAPT strategy. The team developed an optimized QA testing strategy for automated and manual hacker perspective assessment, using open-source tools and manual methods to penetrate e-reader software and identify security breach gaps. Furthermore, Trigent’s team performed Dynamic Application Security Testing (DAST) of web pages and categories based on several compliance standards such as Open Web Application Security Project (OWASP) top 10 and SysAdmin, Audit, Network, and Security (SANS) top 25.
Trigent enabled the organization to identify and perform all the necessary security testing, such as:
Greybox Penetration Testing, wherein tests were designed to keep the attackers’ techniques used in the bug bounty programs to manipulate parameter values and tamper operational data.
As a Domain-Based Testing, the team performed verification and validation of privilege escalations and unauthorized access to premium accounts using session logs and IDs.
Injection Attacks Testing included the injection of technology-based scripts and files in URLs and search fields.
The robust security testing framework further ensured proactive detection and assessment of vulnerabilities and threats, managed security audit reports, and prioritized action plan reports of security-related recommendations.
Client Benefits:
The robust, persona-based VAPT not only helped the organization to meet regulatory and compliance requirements but also enabled it:
- To reduce the risk of data and security breaches and protect assets worth $4 billion
- Maintain its position as the ‘Fastest growing company’ by offering a stable application suite that is capable of withstanding multiple threats
Technology Stack:
