Automated Security Testing Process Transformation for Leading Fintech Client
Jan 22 2024 |7 min read
Problem Statement

The customer's objective was to implement a QE strategy with a central emphasis on ensuring the security of information. To achieve this, they reached out to Gemini to design automation frameworks and processes that could be integrated into all phases of the development lifecycle. The goal was to ensure adherence to the highest levels of security requirements throughout the project's lifecycle.

Client Information

The customer is one of the largest investment management firms providing solutions to institutions, financial professionals, and millions of individuals worldwide.

Key Challenges
  • Building an automation solution centered on security testing.
  • Integrating the automated security verification and validation solution into the CI/CD pipeline.
  • Building an automated solution that supports every development environment and follows every industry standard, such as OWASP Top 10 and CWE Top 25.
  • Automating analysis of the security process to minimize the occurrence of false positives, thus saving time on manual verification.
  • Implementing secret management checks at every layer of the security inspection process, thereby ensuring secrets are safe from unauthorized and unwanted access.
Approach

The Gemini QE team designed and implemented an automated security verification and validation solution, as described below:

  • Implementing and adopting a test automation solution for APIs that covers functionality and also achieves better coverage around security testing.
  • Implementing a solution for SAST (Static Application Security Testing) with a Secret Management check across their entire codebase, with business logic present.
  • Implementing a solution for DAST (Dynamic Application Security Testing) with a Secret Management check across internal and external applications.
  • Integrating Security Test Execution and Analysis into the CI/CD pipeline.
  • Implementing an Automated Report Generation Process that will analyse vulnerabilities and share results with the respective stakeholders.
Benefits

Implementation of the Automated Security Testing Solution has helped the client achieve:

  • Compliance with the security standards set by OWASP Top 10 and CWE Top 25.
  • Discovery of security loopholes in coding practices and vulnerabilities in third-party dependency libraries early in the development cycle, thereby reducing refactoring efforts considerably.
  • Automated code reviews from a security perspective, thereby standardizing the coding approach across the organization and improving security policies.
  • Reduction in overall testing effort and improvement in the overall testing execution cycle.
Hem Singh Bist
