Whenever businesses offer access to their products and services via mobile devices, security is always a key issue. But when a business operates in the financial services sector, security concerns become even more critical. Businesses must be confident that they can keep customers’ sensitive data and account details secure, even when they are offer remote access from any location the customer chooses.
Naturally then, when our client, a leading protection and indemnity (P&I) business, decided to launch a new mobile app for members and brokers, it had to be sure that security met the highest standards. It also wanted to take the opportunity to check the security on other elements of its public IT infrastructure, including its website.
Our security experts carried out penetration testing on the client’s website and on the iOS and Android versions of the new app, identifying several vulnerabilities that could expose the client to cyber attack. Our comprehensive report provided detailed information on the location and severity of each potential issue together with our recommendations for mitigating the risks.
We then worked with the client’s development team to make sure our recommendations had been properly implemented, conducting a further penetration test, which showed that security had been significantly improved. This part of the assignment included building up the development team’s knowledge of common coding practices that can create security weaknesses and advising on how to avoid typical programming pitfalls.
As a result of our work, our client was able to launch the new mobile app, confident of maintaining members’ high level of trust in the organisation and of its ability to offer secure web services. We also left the business with a better understanding of how to improve and maintain the organisation’s security going forward.
If your business requires a vulnerability assessment, speak to one of our penetration testers today or read more about our technical security and penetration testing capabilities.
If you would like to develop your own knowledge and skills in the latest growing information security testing techniques, then find out about our range of expert-led cyber security training courses.