Case Study - Financial Services


Safeguarding an insurer’s reputation for efficiency and service

Being able to submit claims online can be a big plus for insurance policyholders – it means their claims get settled more quickly and reflects well on the quality of service the insurer offers. But for online claims to remain a positive experience all round, the insurer must be confident its web-based service is secure.

This was the case for our client, a major travel insurance company, who wanted reassurance on the resilience of its publically available online claims service and related IT infrastructure.

We conducted a comprehensive IT security analysis of both, testing the web application from the perspective of both unauthenticated and authenticated end-users. Although we found the web and related infrastructure to be largely secure, we picked up several low-key risks. For example, certain features of the application allowed sensitive information for a legitimate user to be cached within the browser. If the computer being used was in a shared/public environment, it would therefore be possible for an attacker to access previously entered information.

In addition, we were able to force the application to disclose sensitive information, such as session ID, directory listing, etc.  Cyber attackers finding and exploiting the same minor vulnerabilities would be able to publish this sensitive data online, thus inflicting considerable reputational damage on the insurer. Our report proposed a set of remediation steps to address these vulnerabilities and increase security even further with minimal effort.

Our work provided the reassurance the company was looking for and allows it to offer, with confidence, an online claims service that positions it as a modern and service-oriented player in the market.

If you need to secure your web applications, contact one of our technical security specialists or find out more about our penetration testing services find out more about our penetration testing services